OpenAI adds opt-in passkeys for ChatGPT, drops email/SMS recovery

OpenAI introduced Advanced Account Security for ChatGPT: it requires passkeys or hardware security keys, removes email and SMS recovery, and excludes enrolled accounts from model training.

OpenAI on Thursday introduced Advanced Account Security, an opt-in account setting for ChatGPT that replaces passwords with passkeys or FIDO-compliant hardware security keys. The feature is available in web account settings and applies to ChatGPT and Codex accounts that share the same login.

The setting removes email and SMS as account recovery options. Account owners who enable Advanced Account Security can recover access only with backup passkeys, physical security keys, or recovery keys. OpenAI warned it cannot assist with account recovery if those methods are not available.

OpenAI described the option as designed for people who use ChatGPT for sensitive or high-stakes tasks, naming journalists, elected officials, political dissidents, researchers and other security-conscious users. The company added, “People are turning to AI for deeply personal questions and increasingly high-stakes work,” saying individual accounts can hold personal and professional context and connect to other tools and workflows.

The setting shortens sign-in sessions to limit exposure if a device is compromised. Enrolled accounts receive login alerts and can review active sessions across devices. Conversations from accounts enrolled in Advanced Account Security are automatically excluded from model training.

To support hardware-based keys, OpenAI partnered with Yubico to offer a discounted bundle that includes two keys for everyday use and backup. Users may also use other FIDO-compliant security keys or software-based passkeys.

The rollout affects OpenAI’s Trusted Access for Cyber program. Members of that program must enable Advanced Account Security starting June 1 unless their organizations confirm they use phishing-resistant authentication through single sign-on systems.

OpenAI framed the new setting as a response to rising phishing attacks and wallet-targeting scams. Recent incidents included fake developer accounts, hijacked domains used to push wallet-draining prompts, and a counterfeit app that reportedly stole more than $9 million from over 50 users.

The company concluded by reiterating its focus on user protections, writing that privacy and security are foundational to product development and that it will continue investing in safeguards that give people more control over their accounts.
