OpenAI introduces Advanced Account Security, a new opt-in setting for ChatGPT accounts

Yesterday, OpenAI introduced a new opt-in setting for ChatGPT accounts called Advanced Account Security.

Now available for ChatGPT accounts: Advanced Account Security, a new opt-in setting for people at higher risk of digital attacks, with stronger protections including phishing-resistant sign-in and more secure account recovery.https://t.co/KhBGENuXzT

— OpenAI (@OpenAI) April 30, 2026

Advanced Account Security

This setting is designed for people at increased risk of digital attacks, as well as for those who want the strongest account protections available. It brings together a set of heightened security measures that help safeguard against account takeover while making those protections easier to activate in one place. Once enrolled, Advanced Account Security protects users in Codex as well.

OpenAI wants to ensure users understand that the increased protection of Advanced Account Security comes with an increased responsibility for account recovery.

How does Advanced Account Security work?

• Stronger sign-in methods- Advanced Account Security requires passkeys or physical security keys while disabling password-based login, helping make phishing-resistant sign-in the default for people who need it most.
• More secure account recovery- Advanced Account Security disables email and SMS recovery (if a user’s email account or phone number is compromised) and requires stronger recovery methods: backup passkeys, security keys, and recovery keys. Because account recovery is restricted to these more secure methods, OpenAI Support will not be able to assist with account recovery for users enrolled in Advanced Account Security.
• Shorter sessions and clearer session management- Sign-in sessions are shortened to reduce the window of exposure if a device or active session is compromised. Users also receive alerts when someone logs in to their account, and they can review and manage active sessions across the devices they’re signed in to.
• Automatic training conclusion- People working with especially sensitive information may opt not to have those conversations used for model training. With Advanced Account Security enabled, that preference is automatic.

OpenAI has partnered with Yubico (a leader in hardware-based authentication and account protection) to offer its users preferred pricing on a customised bundle of best-in-class security keys. The YubiKey C Nano is designed to stay in the user’s laptop for simple, low-friction daily authentication, and the YubiKey C NFC for backup, and use across laptops and mobile devices. The bundle will be available to all eligible users in their security settings on the web, so more people can adopt stronger, phishing-resistant account protection.

Users will also be able to use any other FIDO-compliant security key or use software-based passkeys.

Individual members of Trusted Access for Cyber accessing OpenAI’s most cyber-capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026. Organisations with trusted access can, as an alternative, attest that they have phishing-resistant authentication as part of their single sign-on workflow.

Availability

OpenAI users who want additional protection can enrol in Advanced Account Security on the web. The Advanced Account Setting is available to opt into in the Security section of users’ ChatGPT accounts on the web. Protection applies to both ChatGPT and Codex accounts that are accessed through that login.