OpenAI Rolls Out Advanced Security for ChatGPT Accounts

OpenAI has introduced a new security feature, Advanced Account Security, aimed at enhancing the protection of ChatGPT user accounts, particularly for those at a higher risk of targeted attacks. This opt-in feature is especially beneficial for individuals such as journalists, researchers, political dissidents, and elected officials who rely on ChatGPT for sensitive tasks.

What Happened

The Advanced Account Security feature focuses on four primary areas to bolster account safety:

  • Enhanced Login Methods: Password-based logins are disabled, requiring users to utilize physical security keys or passkeys for authentication. OpenAI has partnered with Yubico to provide discounted YubiKey devices.
  • Secure Account Recovery: Traditional email and SMS recovery options are replaced with backup passkeys and recovery keys, enhancing the security of account recovery processes. However, users should note that once these options are activated, OpenAI's support team will not be able to assist with account recovery.
  • Shortened Sign-In Sessions: The duration of sign-in sessions has been reduced to minimize the risk of account takeovers in the event of session or device compromises.
  • Automatic Training Exclusion: Conversations from users who enroll in this feature will not be utilized for training AI models, ensuring greater privacy.

Why It Matters

The introduction of Advanced Account Security is a significant step in addressing the growing concerns around account security in an era where cyber threats are increasingly sophisticated. By implementing stronger authentication methods and enhancing recovery processes, OpenAI aims to protect its users from potential breaches that could compromise sensitive information.

Affected Users or Organizations

📬 Stay ahead of the threat

Get the latest SOC guides, threat intel, and detection engineering — straight to your inbox.

This new security feature is particularly relevant for users who engage with ChatGPT for sensitive work, including:

  • Journalists who may face targeted attacks due to their reporting.
  • Researchers handling confidential data.
  • Political dissidents operating under oppressive regimes.
  • Elected officials requiring secure communication channels.

Recommended Actions

Organizations and individuals using ChatGPT should consider the following actions to enhance their security posture:

  • Enroll in the Advanced Account Security feature to benefit from its robust protection measures.
  • Utilize physical security keys or passkeys for authentication to minimize the risk of unauthorized access.
  • Review and implement secure account recovery options to ensure that access can be regained without compromising security.
  • Regularly monitor active sessions and logins to detect any suspicious activity promptly.

As cyber threats continue to evolve, adopting proactive security measures is essential for safeguarding sensitive information and maintaining user trust.