Image: gguy/Adobe Stock
OpenAI’s Advanced Account Security lets ChatGPT and Codex users replace passwords with passkeys or security keys, but recovery is limited.
OpenAI has introduced a new security feature that allows users to completely abandon passwords, replacing them with stronger login methods designed to block modern cyberattacks.
The feature, called Advanced Account Security, is an opt-in setting for users of ChatGPT and Codex. Once enabled, it removes traditional email-and-password logins and replaces them with passkeys or physical security keys. The move comes as AI accounts increasingly store sensitive personal and professional data, making them attractive targets for hackers.
If you choose to switch on this new mode, the traditional email and password login disappears entirely. In its place, you’ll need to use either a passkey (stored on your phone or computer) or a physical security key (like a USB thumb drive).
To make the transition easier, OpenAI has teamed up with Yubico to offer a discounted bundle of two security keys for $68, a significant drop from the usual $126 retail price. This setup ensures that even if a hacker steals your email address, they can’t access your ChatGPT account without your physical device in their hands.
“Users continue to use ChatGPT for some of their most sensitive and personal matters, and it only makes sense that we as a company try to make available capabilities that meet our users with how they use our product,” said Ogbeide Oigiagbe, a member of OpenAI’s product team, per Axios.
This level of security is essentially a digital vault, but it comes with a major catch: there is no “Forgot Password” button. Once you enable Advanced Account Security, OpenAI disables recovery via email or SMS. This is a deliberate move to prevent SIM-swapping attacks, but it means that if you lose your physical keys and your backup codes, you are locked out forever.
OpenAI is being very clear that their support team cannot bail you out if you lose access.
While anyone can turn this on, OpenAI is specifically eyeing people with a target on their back. The company noted that “For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher.”
In fact, for certain high-level users in OpenAI’s “Trusted Access for Cyber” program, this isn’t just a suggestion; it becomes mandatory starting June 1, 2026.
Beyond just the login process, the new mode adds a few more layers of privacy:
For most users, Advanced Account Security may be more protection than they need. But for people whose ChatGPT accounts contain sensitive work, research, sources, or personal data, the feature offers a stronger defense against phishing and account takeover attempts.
The safest move is also the least glamorous: set up more than one security key, store backup codes somewhere secure, and do not enable the feature until recovery planning is done.
For more on how this shift is reshaping the AI cloud race, check out our full breakdown of Amazon’s move to bring OpenAI models to AWS after Microsoft’s exclusivity ended, opening the door to a new multi-cloud era.
Aminu Abdullahi is a B2C and B2B technology and finance writer with more than six years of experience covering enterprise IT, cybersecurity, cloud computing, artificial intelligence, fintech, business software, and emerging technologies. His work has appeared in publications including TechRepublic, eWEEK, Channel Insider, Geekflare, Enterprise Networking Planet, eSecurity Planet, CIO Insight, and Webopedia. With a technical background in computer science, he specializes in translating complex technology topics into clear, accessible content for business leaders and decision-makers.
