OpenAI introduced Advanced Account Security for ChatGPT in April 2026, allowing users to replace passwords with passkeys or hardware security keys. The update aims to prevent account takeovers and improve protection for users handling sensitive data.
As AI tools become more integrated into daily workflows, user accounts are storing increasingly sensitive personal and professional data. This makes them attractive targets for cyberattacks, particularly those exploiting weak or stolen passwords.
In response, companies are adopting stronger authentication methods such as passkeys and hardware-based security keys. These technologies reduce reliance on traditional passwords and improve resistance to phishing and credential theft.
What is OpenAI’s Advanced Account Security feature?
OpenAI’s Advanced Account Security is an optional setting that replaces passwords with passkeys or physical security keys for ChatGPT and Codex accounts.
Once enabled, users must authenticate using stronger, phishing-resistant methods instead of traditional email-and-password logins. The feature is designed for users who need higher levels of protection, including those handling sensitive information.
OpenAI (2026) states that the system “requires passkeys or physical security keys while disabling password-based login,” making secure authentication the default for enrolled users.
How do passkeys improve account security?
Passkeys improve security by eliminating passwords, which are one of the most common entry points for cyberattacks.
Unlike passwords, passkeys are stored on a user’s device and cannot be easily stolen through phishing or database breaches. Hardware security keys provide an additional layer of protection by requiring physical authentication.
What changes when users enable Advanced Account Security?
Enabling the feature introduces stricter controls, including limited recovery options and shorter login sessions.
Email and SMS-based account recovery are disabled, requiring users to rely on backup passkeys, security keys, or recovery codes. OpenAI also cannot assist with account recovery if these methods are lost.
The system also shortens session durations and provides login alerts, allowing users to monitor account activity more closely.
Why is OpenAI strengthening ChatGPT security now?
OpenAI is strengthening security as ChatGPT becomes widely used for high-stakes and sensitive tasks.
As adoption grows, accounts increasingly contain confidential data, making them targets for hackers. Strengthening authentication helps protect users and maintain trust in AI platforms.
The company noted that AI tools are now used for “personal and professional context,” increasing the need for stronger protections against cyber threats.
What happens next?
OpenAI will continue rolling out Advanced Account Security to more users throughout 2026. Starting June 1, the feature will be required for participants in its Trusted Access for Cyber program, signaling a broader shift toward passwordless authentication across AI platforms.
To see how AI platforms are expanding into security and infrastructure, read “OpenAI Expands Cyber Defense Access With GPT-5.4-Cyber”. It explains how the company is building safeguards around advanced AI systems.
