OpenAI · 2026-04-30 · major
OpenAI Advanced Account Security — Passkey-Only Logins and Co-Branded YubiKeys for ChatGPT
Opt-in tier for ChatGPT and Codex replaces passwords with two passkeys or two FIDO2 hardware keys, disables email/SMS recovery, and auto-opts users out of model training. $68 co-branded YubiKey two-pack.
OpenAI launches a phishing-resistant ChatGPT login mode with co-branded YubiKeys aimed at journalists, dissidents, and security defenders.
What is it?
Advanced Account Security (AAS) is a new opt-in mode for ChatGPT and Codex that replaces password authentication with two passkeys, two FIDO2 hardware security keys, or one of each. Once enabled, email and SMS recovery are permanently disabled, sessions are shortened, and the account is auto-opted-out of model training.
How does it work?
Users enroll two phishing-resistant credentials before they can log in. OpenAI's support team explicitly cannot recover an AAS-protected account if both credentials are lost. Yubico is selling co-branded YubiKey C NFC and YubiKey C Nano hardware keys as a $68 two-pack, less than half the $126 retail price.
Why does it matter?
Targets accounts whose ChatGPT history and tooling are high-value to attackers — journalists, political dissidents, researchers, and elected officials. OpenAI is making AAS mandatory for Trusted Access for Cyber program members by June 1, 2026.
Who is it for?
Journalists, dissidents, researchers, security defenders
Try it
Enroll under Settings → Security in ChatGPT