OpenAI Advanced Account Security Implementation Details and What Engineers Can Do Now
OpenAI’s Advanced Account Security, announced on April 30, 2026, is an opt-in protection setting for ChatGPT and Codex accounts. It is intended for users who are at high risk of digital attacks or who require the strongest account protection.
What Has Changed
Accounts can now move from traditional password-based authentication to phishing-resistant authentication methods. When Advanced Account Security is enabled, password-based login is disabled, and a passkey or physical security key is required.
OpenAI identifies “journalists, elected public officials, political dissidents, researchers, and people who especially value security” as the primary target users. For these users, ChatGPT accounts may contain highly sensitive personal and professional contexts and may be at the center of connected tools and workflows.
Security Feature Details
Advanced Account Security provides four major protection layers.
Enhanced sign-in methods require a passkey or physical security key, disabling password-based login. This provides phishing-resistant sign-in by default for users who need it most.
More secure account recovery reduces the risk of account compromise via email or phone number breaches. A mechanism is implemented to prevent attackers from accessing ChatGPT accounts through email or SMS-based recovery.
OpenAI has partnered with Yubico to make phishing-resistant authentication more accessible. Additionally, “Trusted Access” protection in the cybersecurity field has been enhanced.
What Engineers Can Do Today
To enable Advanced Account Security on a ChatGPT account, log in to ChatGPT via a web browser and opt in from the Security section of the account settings. This protection applies to both ChatGPT and Codex accounts accessed with the same login.
If you don’t have a physical security key, consider purchasing a FIDO2-compatible device such as a YubiKey. If you have a passkey-compatible device (iPhone, Android, Windows Hello-compatible PC), you can start setting it up immediately.
Note that the enhanced protection of Advanced Account Security comes with increased responsibility for account recovery. Because traditional recovery methods are limited, managing security keys or passkeys becomes more critical.
(Source: Introducing Advanced Account Security)
Summary
- Enabling Advanced Account Security on ChatGPT and Codex accounts allows for phishing-resistant authentication using passkeys or physical security keys
- You can opt in now from the Security section of your ChatGPT account settings on the web to protect your account from password-based attacks
- Introducing FIDO2-compatible security keys such as YubiKey can significantly reduce the risk of email and SMS recovery attacks
- Journalists, researchers, and political figures using ChatGPT for sensitive work can reduce occupational risks with this feature