OpenAI Launches Advanced Account Security for ChatGPT Users

Severity: Medium (Score: 57.8)

Sources: Decrypt.Co, Openai

Summary

On April 30, 2026, OpenAI introduced Advanced Account Security, an opt-in feature for ChatGPT accounts aimed at users facing higher risks of digital attacks. This new security setting requires passkeys or physical security keys for sign-in, eliminating password-based logins and restricting account recovery methods to more secure options. The initiative responds to the increasing use of ChatGPT for sensitive tasks, emphasizing the need for stronger protections for high-stakes users such as journalists and political dissidents. The feature centralizes security controls and includes shorter sign-in sessions, alerts for logins, and automatic exclusion of conversations from model training. OpenAI has partnered with Yubico to offer discounted security keys to enhance user protection. The rollout also affects members of OpenAI’s “Trusted Access for Cyber” program, who must enable this feature by June 1, 2026. The announcement comes amid a rise in phishing attacks targeting users. Key Points: • Advanced Account Security requires passkeys or physical security keys, removing password logins. • Account recovery is restricted to backup passkeys and security keys, with no support from OpenAI for recovery. • The feature is designed for users at higher risk, including journalists and political dissidents.

Key Entities

• Phishing (attack_type)
• T1566 - Phishing (mitre_attack)
• GitHub (platform)