Introducing Advanced Account Security

Introducing Advanced Account Security | OpenAI

Skip to main content

[](http://openai.com/)

• Research
• Products
• Business
• Developers
• Company
• Foundation(opens in a new window)

Log inTry ChatGPT(opens in a new window)

• Research
• Products
• Business
• Developers
• Company
• Foundation(opens in a new window)

Try ChatGPT(opens in a new window)Login

OpenAI

Table of contents

• How Advanced Account Security works
• Making phishing-resistant authentication more accessible with Yubico
• Protecting Trusted Access for Cyber
• An important step, with more to come

April 30, 2026

ProductSecurity

Introducing Advanced Account Security

An advanced set of protections against unauthorized access to ChatGPT accounts, Codex, and the sensitive information they can contain.

Learn more(opens in a new window)

Loading…

Share

Today, we’re introducing Advanced Account Security, a new opt-in setting for ChatGPT accounts, designed for people at increased risk of digital attacks, as well as for those who want the strongest account protections available. It brings together a set of heightened security measures that help safeguard against account takeover while making those protections easier to activate in one place. Once enrolled, Advanced Account Security protects users in Codex as well.

People are turning to AI for deeply personal questions and increasingly high-stakes work. Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows. For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher.

This effort is part of our broader cybersecurity action plan⁠(opens in a new window) to broaden access to the technologies that can help protect communities, critical systems, and our national security. We want users to have the controls to make the security and privacy choices that are right for them. At the same time, we want to ensure users understand that the increased protection of Advanced Account Security comes with an increased responsibility for account recovery.

How Advanced Account Security works

Advanced Account Security brings together a series of controls that strengthen sign-in protections, tighten account recovery, reduce exposure from compromised sessions, and give users more visibility into account activity. It’s available to opt into in the Security section of users’ ChatGPT accounts on web. Protection applies to both ChatGPT and Codex accounts that are accessed through that login.

**Stronger sign-in methods**. Advanced Account Security requires passkeys or physical security keys while disabling password-based login, helping make phishing-resistant sign-in the default for people who need it most.

**More secure account recovery**. If a user’s email account or phone number is compromised, an attacker may try to use one of them to gain access to their ChatGPT account via e-mail or SMS based recovery. To reduce this risk, Advanced Account Security disables email and SMS recovery and requires stronger recovery methods: backup passkeys, security keys, and recovery keys. Because account recovery is restricted to these more secure methods, OpenAI Support will not be able to assist with account recovery for users enrolled in Advanced Account Security.

**Shorter sessions and clearer session management**. Sign-in sessions are shortened to reduce the window of exposure if a device or active session is compromised. Users also receive alerts when there is a login to their account, and they can review and manage the active sessions across the various devices they’re signed into.

**Automatic training exclusion**. People working with especially sensitive information may opt not to have those conversations used for model training. With Advanced Account Security enabled, that preference is automatic: conversations from those accounts will not be used to train our models.

Making phishing-resistant authentication more accessible with Yubico

Using physical security keys, such as YubiKeys, is one of the strongest defenses against phishing. To make that level of protection easier to access, we have partnered with Yubico, a leader in hardware-based authentication and account protection, to offer our users preferred pricing on a customized bundle of best in class security keys. The YubiKey C Nano is designed to stay in your laptop for simple, low-friction daily authentication, and the YubiKey C NFC for backup, and use across laptops and mobile devices.

We’re launching this partnership as part of Advanced Account Security, but the bundle will be available to all eligible users in their security settings on web so more people can adopt stronger, phishing-resistant account protection. Users will also be able to use any other FIDO-compliant security key, or use software-based passkeys.

Protecting Trusted Access for Cyber

We continue to expand programs that give verified defenders access to more capable and permissive models, and we need to ensure that the accounts of those defenders are protected with our most advanced security protections.

Individual members of Trusted Access for Cyber accessing our most cyber capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026. Organizations with trusted access can, as an alternative, attest that they have phishing resistant authentication as part of their single sign-on workflow.

An important step, with more to come

OpenAI is becoming the core infrastructure for AI, making it possible for people around the world and businesses, big and small, to just build things. The broad consumer reach of ChatGPT creates a powerful distribution channel into the workplace, where demand is rapidly shifting from basic model access to intelligent systems that reshape how businesses operate. Developers build on and expand the platform by leveraging our APIs, and Codex is transforming how developers turn ideas into working software.

As AI becomes increasingly embedded in our lives, it is more important than ever to ensure that users have the controls they need to help protect their privacy and security.

Privacy and security are foundational to how we build all of our products and we’ll continue investing in protections that give people more control and stronger safeguards over time. We expect to extend this work to additional audiences, including enterprise environments, where stronger account security can matter just as much.

OpenAI users who want additional protection can enroll in Advanced Account Security ⁠(opens in a new window)on web starting today.

• 2026
• ChatGPT

Author

OpenAI

Keep reading

View all

OpenAI models, Codex, and Managed Agents come to AWS Product Apr 28, 2026

Introducing GPT-5.5 Product Apr 23, 2026

Making ChatGPT better for clinicians Product Apr 22, 2026

Our Research

• Research Index
• Research Overview
• Research Residency
• Economic Research

Latest Advancements

• GPT-5.5
• GPT-5.4
• GPT-5.3 Instant
• GPT-5.3-Codex

Safety

• Safety Approach
• Security & Privacy
• Trust & Transparency

ChatGPT

• Explore ChatGPT(opens in a new window)
• Business
• Enterprise
• Education
• Pricing(opens in a new window)
• Download(opens in a new window)

API Platform

• Platform Overview
• Pricing
• API log in(opens in a new window)
• Documentation(opens in a new window)
• Developer Forum(opens in a new window)

For Business

• Business Overview
• Solutions
• Contact Sales

Company

• About Us
• Our Charter
• Foundation(opens in a new window)
• Careers
• Brand

Support

• Help Center(opens in a new window)

More

• News
• Stories
• Academy
• Livestreams
• Podcast
• RSS

Terms & Policies

• Terms of Use
• Privacy Policy
• Other Policies

(opens in a new window)(opens in a new window)(opens in a new window)(opens in a new window)(opens in a new window)(opens in a new window)(opens in a new window)

OpenAI © 2015–2026 Manage Cookies

English United States