OpenAI Rolls Out Advanced Account Security for ChatGPT Users
OpenAI's new opt-in security feature requires passkeys, limits recovery options, and excludes chats from training.
By Jason NelsonEdited by Andrew HaywardApr 30, 2026Apr 30, 20263 min read
In brief
- OpenAI introduced an opt-in Advanced Account Security setting for ChatGPT.
- The feature requires passkeys or security keys and removes email and SMS recovery.
- Enrolled accounts are excluded from model training by default.
OpenAI on Thursday introduced Advanced Account Security, a new opt-in setting for ChatGPT designed for users who want stronger protection or face higher risks of digital attacks.
The company said the new feature was created in response to how people are increasingly using ChatGPT to handle more sensitive and high-stakes tasks.
“People are turning to AI for deeply personal questions and increasingly high-stakes work. Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows,” OpenAI said in a statement. “For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher.”
OpenAI said the feature is intended to give users more control over security and privacy while centralizing protections in one place.
Available in web account settings, the feature applies to ChatGPT and Codex accounts using the same login and requires passkeys or physical security keys instead of passwords, while limiting account recovery to backup passkeys, security keys, or recovery keys, and removing email and SMS options. That means OpenAI cannot assist with account recovery if those methods are unavailable.
“Using physical security keys, such as YubiKeys, is one of the strongest defenses against phishing,” the company wrote. “To make that level of protection easier to access, we have partnered with Yubico, a leader in hardware-based authentication and account protection, to offer our users preferred pricing on a customized bundle of best-in-class security keys.”
OpenAI said it will offer a discount on a bundle that includes two keys for everyday use and backup. Users can also use other FIDO-compliant security keys or software-based passkeys.
Sign-in sessions are shortened to limit exposure if a device is compromised. Users receive alerts for logins and can review active sessions across devices. The setting also changes how user data is handled. Conversations from accounts enrolled in Advanced Account Security are automatically excluded from model training.
OpenAI did not immediately respond to a request for comment by Decrypt.
The announcement comes as phishing attacks continue to target users with increasingly convincing scams.
In March, an OpenClaw developer was lured to a phishing scam targeting crypto wallets through a fake Github account. That same month, the Bonk.fun domain was hijacked by scammers to push wallet-draining prompts. Earlier this month, a fake Ledger app stole more than $9 million from over 50 users.
The Advanced Account Security rollout also includes changes for users in OpenAI’s “Trusted Access for Cyber” program, which provides access to more capable and permissive models. Members of the program will be required to enable Advanced Account Security starting June 1. Organizations can instead confirm they use phishing-resistant authentication through single sign-on systems.
“Privacy and security are foundational to how we build all of our products and we’ll continue investing in protections that give people more control and stronger safeguards over time,” OpenAI wrote. “We expect to extend this work to additional audiences, including enterprise environments, where stronger account security can matter just as much.”
