In a move that raises the security standard for the artificial intelligence sector, OpenAI is rolling out an Advanced Account Security program for its ChatGPT and Codex users, replacing traditional passwords with high-security hardware keys through a partnership with Yubico. The collaboration aims to protect the increasingly sensitive data users entrust to AI platforms from sophisticated phishing and account takeover attacks.
"Security keys are one of the best ways to protect accounts from phishing, and Yubico has played a leading role in making that protection practical and accessible," Dane Stuckey, Chief Information Security Officer at OpenAI, said. "We’re making it easier for ChatGPT users to choose that same kind of phishing-resistant protection when it’s right for them."
The new opt-in security tier eliminates passwords entirely, requiring users to authenticate with a physical security key or a software-based passkey stored on a device. To facilitate adoption, OpenAI is offering a custom two-pack of Yubico's YubiKeys for $68, which includes a YubiKey C NFC for mobile and a YubiKey C Nano for laptops. The program mirrors Google's Advanced Protection Program, signaling a broader industry trend toward hardware-backed security for high-risk users.
The move underscores the growing value and sensitivity of data held within AI accounts, which can range from personal conversations to confidential work projects. For Yubico (NASDAQ STOCKHOLM: YUBICO), the high-profile partnership provides a significant endorsement and a new sales channel, while for OpenAI, it sets a new security benchmark that could pressure rivals like Google and Microsoft to implement similar measures across their AI offerings.
How Advanced Account Security Works
Enrolling in the program, available in the account settings, is a deliberate process designed for security-conscious users like journalists, researchers, and activists. Users must register at least two security keys or passkeys, one of which serves as a backup.
Crucially, the feature removes conventional account recovery methods that are vulnerable to social engineering. Users will no longer be able to recover accounts via email or SMS, and OpenAI's own support staff will not have the ability to restore access. Instead, users are given backup recovery keys during enrollment that must be stored securely.
"This partnership with OpenAI delivers the highest level of protection against phishing with a low friction user experience," Jerrod Chong, Chief Executive Officer at Yubico, said.
Trade-Offs and User Responsibility
The enhanced security comes with trade-offs. Sign-in sessions are shorter, meaning users will need to authenticate more frequently, although the low-profile YubiKey C Nano is designed to remain in a laptop port to simplify daily logins.
The most significant change is the shift in responsibility. With the removal of support-led recovery, users are solely responsible for maintaining access to their accounts. Losing all registered keys and recovery codes could result in permanent loss of account access. The program also automatically opts users out of having their conversations used for AI model training, a setting that can be managed in data controls.