If you’ve ever worried about someone getting into your ChatGPT account, ChatGPT account, OpenAI has finally introduced something worth paying attention to.
The company has rolled out a new opt-in feature called Advanced Account Security, and it is exactly what it sounds like. You can now lock down your account using a physical security key, which is now available to regular ChatGPT users.
What happens when you turn it on
The feature bundles several protections together rather than making you hunt through settings menus. Password-based login is disabled entirely and replaced by passkeys or physical security keys. Session lengths get shorter, so a stolen login can’t be used indefinitely. You get alerts when someone signs into your account. And conversations from enrolled accounts are automatically excluded from model training — no need to dig around for that toggle separately.
The account recovery side is where things get serious. Email and SMS recovery are disabled, so if you lose your keys, OpenAI Support cannot help you regain access. The most common way accounts get hijacked is through compromised email or phone numbers, so cutting that off is a meaningful step up.
OpenAI is partnering with Yubico to make the hardware more accessible
Rather than just pointing users to Google search results, OpenAI has partnered with Yubico — one of the most trusted names in hardware authentication — to offer discounted bundles of YubiKeys. The bundle includes two keys: one small enough to live permanently in your laptop port, and one with NFC for mobile use. It’s a smart move. The biggest barrier to hardware-based security has always been the friction of getting started, and removing the pricing hurdle helps.
While this is a good initiative, here’s what I really think about it. Most casual ChatGPT users probably don’t need this yet. But the landscape is shifting. People are using ChatGPT for sensitive work conversations, legal research, medical questions, and business strategy. An account that holds months of that context is a valuable target. OpenAI offering this now, before a major account-breach headline forces their hand, is the right call — and it’s a sign that AI companies are starting to take security as seriously as the data they’re actually holding.