OpenAI introduces Advanced Account Security (AAS) for ChatGPT, a hardware-based, opt-in protection using YubiKeys to fight phishing.

Users can buy co-branded YubiKeys in a discounted $68 two-pack through OpenAI channels, in collaboration with Yubico.

AAS requires backup keys and carries the risk of access loss if a key is lost, since OpenAI cannot recover a lost key.

Starting June 1, a subset of users, including Trusted Access for Cyber members, must enable AAS due to higher-sensitivity access.

The mandate targets high-stakes users such as journalists, dissidents, researchers, and officials, reflecting a tiered security approach.

AAS is pitched as especially suitable for political dissidents, journalists, researchers, elected officials, and enterprise users handling sensitive information.

Sign-in sessions are shortened to reduce risk if a device is compromised, and users receive login alerts with dashboards showing active sessions.

The move addresses rising chatbot phishing, arguing hardware-based authentication balances stronger security with user convenience over time.

Enabling AAS makes users opt out of OpenAI model training for their conversations, while other users retain the ability to opt in or out.

OpenAI frames AAS as bank-grade security for ChatGPT accounts, balancing protection with accessible security options for a broad user base.

AAS is part of a broader industry shift toward stronger AI security, alongside peers like Anthropic and OpenAI’s defense framework.

The higher-security mode is available to all users, supporting two hardware keys, two passkeys, or one of each, and disables password-based logins and account recovery by email.