OpenAI Rolls Out Advanced Security for ChatGPT Accounts
OpenAI has introduced an opt-in Advanced Account Security feature for ChatGPT users at higher risk of targeted attacks. This feature disables password-based login in favor of physical security keys or passkeys, enhances account recovery with backup passkeys and recovery keys, shortens session durations, and excludes enrolled users' conversations from AI training. It is designed for users such as journalists, researchers, and political dissidents who require stronger account protections. Once enabled, OpenAI support cannot assist with account recovery. This feature also applies to users of OpenAI’s Codex vulnerability scanner.
AI Analysis
Technical Summary
The Advanced Account Security feature for ChatGPT accounts replaces traditional password logins with stronger authentication methods requiring physical security keys or passkeys. It improves account recovery by eliminating email- and SMS-based methods, instead using backup passkeys and recovery keys, though this limits support recovery options. Session lengths are shortened to reduce takeover risks, and users receive login alerts and session management capabilities. Additionally, conversations from enrolled users are excluded from AI model training. This security enhancement targets users at increased risk of targeted hacking and is opt-in.
Potential Impact
The feature reduces the risk of account compromise by eliminating password-based authentication and less secure recovery methods. Shortened sessions and login alerts further mitigate account takeover risks. However, users must manage their recovery keys carefully as OpenAI support cannot assist with recovery once Advanced Account Security is enabled. The exclusion of user conversations from AI training protects user privacy and data confidentiality. There are no known exploits in the wild related to this feature.
Mitigation Recommendations
Users at higher risk of targeted attacks are encouraged to opt in to Advanced Account Security to benefit from stronger authentication and recovery methods. Since this is an opt-in feature, no immediate action is required for general users. OpenAI manages this feature and provides a dedicated enrollment page. Users should securely store their recovery keys, as OpenAI support cannot recover accounts with this feature enabled. Patch status is not applicable as this is a new security feature rollout rather than a vulnerability patch.
OpenAI Rolls Out Advanced Security for ChatGPT Accounts
Description
OpenAI has introduced an opt-in Advanced Account Security feature for ChatGPT users at higher risk of targeted attacks. This feature disables password-based login in favor of physical security keys or passkeys, enhances account recovery with backup passkeys and recovery keys, shortens session durations, and excludes enrolled users' conversations from AI training. It is designed for users such as journalists, researchers, and political dissidents who require stronger account protections. Once enabled, OpenAI support cannot assist with account recovery. This feature also applies to users of OpenAI’s Codex vulnerability scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Advanced Account Security feature for ChatGPT accounts replaces traditional password logins with stronger authentication methods requiring physical security keys or passkeys. It improves account recovery by eliminating email- and SMS-based methods, instead using backup passkeys and recovery keys, though this limits support recovery options. Session lengths are shortened to reduce takeover risks, and users receive login alerts and session management capabilities. Additionally, conversations from enrolled users are excluded from AI model training. This security enhancement targets users at increased risk of targeted hacking and is opt-in.
Potential Impact
The feature reduces the risk of account compromise by eliminating password-based authentication and less secure recovery methods. Shortened sessions and login alerts further mitigate account takeover risks. However, users must manage their recovery keys carefully as OpenAI support cannot assist with recovery once Advanced Account Security is enabled. The exclusion of user conversations from AI training protects user privacy and data confidentiality. There are no known exploits in the wild related to this feature.
Mitigation Recommendations
Users at higher risk of targeted attacks are encouraged to opt in to Advanced Account Security to benefit from stronger authentication and recovery methods. Since this is an opt-in feature, no immediate action is required for general users. OpenAI manages this feature and provides a dedicated enrollment page. Users should securely store their recovery keys, as OpenAI support cannot recover accounts with this feature enabled. Patch status is not applicable as this is a new security feature rollout rather than a vulnerability patch.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/openai-rolls-out-advanced-security-for-chatgpt-accounts/","fetched":true,"fetchedAt":"2026-05-04T09:36:22.284Z","wordCount":936}
Threat ID: 69f86896cbff5d8610fce594
Added to database: 5/4/2026, 9:36:22 AM
Last enriched: 5/4/2026, 9:36:29 AM
Last updated: 5/4/2026, 3:42:35 PM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.