OpenAI Adds Advanced Account Security to ChatGPT
Infobae and Hipertextual report that OpenAI has launched an optional feature called Seguridad avanzada de la cuenta (Advanced Account Security) for ChatGPT and Codex. According to Infobae, the feature removes password-based sign-in and email/SMS recovery and requires users to register two physical security keys as the primary authentication method, a move Infobae links to a partnership with Yubico to offer discounted YubiKey bundles. Hipertextual frames the option as targeted at users "at higher risk of digital attacks," naming groups such as journalists, elected officials, dissidents, and researchers. Both outlets report the setting is voluntary and intended to reduce phishing and account-takeover risk for accounts that may hold sensitive personal or professional context.
What happened
Infobae reports that OpenAI has introduced an optional feature called Seguridad avanzada de la cuenta (Advanced Account Security) for ChatGPT and Codex. Per Infobae, the feature disables password sign-in and account recovery via email or SMS and requires users to register two physical security keys for authentication. Hipertextual reports OpenAI framing the feature as aimed at users who may accumulate "sensitive personal and professional context" in their accounts and cites examples including journalists, elected officials, political dissidents, and researchers.
Technical details
Infobae and Hipertextual describe three core controls implemented when Advanced Account Security is enabled:
- •It disables email- and SMS-based sign-in codes (reported by Hipertextual).
- •It disables traditional password sign-in and password-based recovery (reported by Infobae).
- •It requires registration of two physical security keys as the authentication mechanism (reported by Infobae).
Infobae also reports an OpenAI partnership with Yubico to offer discounted YubiKey packages to users who opt into the feature.
Industry context
Editorial analysis: Companies providing protections for high-risk users commonly require hardware-backed multi-factor authentication and remove weaker recovery paths, a pattern seen previously at major platforms. This pattern reduces successful phishing and SIM-swap attacks but raises operational and onboarding friction for end users and organizations that must provision and manage hardware keys.
What to watch
Industry observers and practitioners should track adoption signals among security-sensitive user groups, availability of discounted hardware-key bundles, and whether enterprise and platform integrations (for example single sign-on or device management) are documented. Also monitor documentation from OpenAI for key-rotation, lost-key recovery procedures, and any guidance on integrating hardware-key management with organizational identity tooling.
Practical takeaway for practitioners
Editorial analysis: For security teams evaluating risk controls for AI platform accounts, the architecture described by Infobae and Hipertextual reflects a higher-assurance authentication model: hardware-backed keys plus removal of fallback channels. That model is effective against many account-takeover vectors but requires operational policies for key provisioning, backup keys, and user education.
Scoring Rationale
This is a notable security advance for AI platform accounts with clear operational implications for security teams and high-risk users. It is not a broad platform change or model release, so its industry impact is meaningful but targeted.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
