OpenAI adds Advanced Account Security with passkeys

• OpenAI added an opt-in Advanced Account Security mode for ChatGPT accounts that, according to OpenAI's launch post, extends to Codex accounts on the same login.
• The core change is phishing-resistant sign-in: cryps1s' summary and OpenAI's announcement both say enrollment requires passkeys or physical security keys and disables password-based login.
• Recovery gets much stricter, because rohanpaul_ai's thread notes that email and SMS recovery are shut off, while OpenAI's post says recovery falls back to backup passkeys, security keys, and recovery keys only.
• Enrolled accounts also get shorter sessions, login alerts, centralized session management, and automatic exclusion from model training, per cryps1s' launch thread and OpenAI's writeup.
• OpenAI paired the rollout with a Yubico bundle, and Yubico's announcement says it includes a YubiKey C NFC plus a YubiKey C Nano.

You can read OpenAI's full post, browse Yubico's hardware announcement, and check how rohanpaul_ai's recap frames the bigger shift: a ChatGPT login now protects chats, work context, connected tools, and sometimes genuinely sensitive material.

OpenAI packaged the highest-friction security settings into one switch. Once enabled, password login is gone, and so are email and SMS recovery paths.

The recovery tradeoff is unusually explicit. In OpenAI's post, the company says support cannot recover enrolled accounts, because recovery is limited to backup passkeys, security keys, and recovery keys.

The feature bundles account-hardening and privacy controls together. cryps1s' thread lists shorter sessions, login alerts, improved session visibility, and automatic exclusion from model training for enrolled accounts.

That last piece is the interesting extra. OpenAI is positioning the mode for high-risk users, but it also turns on a data-handling preference that normally sits elsewhere in product settings.

OpenAI is not just recommending security keys, it is distributing a preferred bundle through Yubico. Yubico's announcement says the pack includes a YubiKey C NFC for mobile and backup use plus a YubiKey C Nano meant to stay in a laptop.

The rollout also has one non-optional edge case. OpenAI's post says individual members of Trusted Access for Cyber must enable Advanced Account Security starting June 1, 2026, unless their organization can attest to phishing-resistant SSO.