OpenAI has introduced a new protective feature called Advanced Account Security, aimed at users worried about potential phishing attacks on their ChatGPT or Codex accounts. This optional security enhancement enforces strict access controls, making it much harder for attackers to compromise accounts.
This initiative follows a trend in account security, similar to Google’s Advanced Protection which has been in place for nearly a decade. With the surge in AI services, there’s an increasing demand for robust protection mechanisms. OpenAI explains that as users engage with AI for personal and significant professional matters, their accounts may contain sensitive information, particularly for individuals like journalists, political figures, and researchers.
When users opt for Advanced Account Security, they can no longer rely on traditional passwords. Instead, they must use two physical security keys or passkeys to mitigate the risk of phishing attempts. The standard recovery methods via email or SMS are also eliminated; users will instead need recovery keys or backup passkeys. OpenAI has collaborated with Yubico to provide affordable security keys for users adopting this new feature.
Importantly, with Advanced Account Security enabled, users will not be able to receive assistance from OpenAI’s support team for recovery processes because the support staff won’t have access to recovery options. This measure is intended to thwart attackers from using social engineering tactics on support teams to gain account access.
Additionally, the security mode shortens login sessions, requiring users to log in again after a set timeframe. Users will receive alerts for any new logins, directing them to review active sessions. While all users can opt-out of having their ChatGPT interactions used for model training, this exclusion is automatically set for those using Advanced Account Security.
Moreover, members of OpenAI’s Trusted Access for Cyber program, which grants cybersecurity professionals and researchers early access to new models, must enable this advanced security feature by June 1, or provide alternative proof of secure authentication methods.
For more information, you can visit OpenAI’s blog on Advanced Account Security here.
