ChatGPT Finally Got Serious About Account Security.


OpenAI launched hardware key support for ChatGPT accounts this week. It's a real improvement. It's also an acknowledgment of something the security community has been saying for years: these accounts hold more sensitive data than most email inboxes, and for most of their existence, you could protect them with nothing more than a password you reused from a gym membership signup in 2019.

Let's talk about what actually happened, and then let's talk about the part that should bother you.

What OpenAI Actually Launched

On April 30, OpenAI rolled out what it's calling Advanced Account Security: an opt-in setting that replaces password-based login with passkeys or physical hardware security keys. You know, what other services just call "security." Once enabled, password login is permanently disabled and account recovery via email or SMS is gone. You're also opted out of model training and get alerts for new logins along with tools to see and end active sessions. To support hardware key adoption, OpenAI partnered with Yubico to sell co-branded YubiKeys — a two-pack for $68, roughly half the standard retail price.

The feature is available to everyone, including free-tier users. OpenAI says it's designed for journalists, political dissidents, researchers, and elected officials. They're right that those groups need it. They're probably underselling how many enterprise users also need it.

There's a real tradeoff buried in the setup: if you lose your keys and don't have backup credentials configured, OpenAI cannot help you recover access. Your conversation history goes with it. For some users that's an acceptable risk. For others, especially anyone using ChatGPT as an active working environment for drafts, research, or code, that's something to think through carefully before enrolling.

One group doesn't get a choice in the matter. Members of OpenAI's Trusted Access for Cyber program, which gives vetted security researchers access to its most capable models, are required to enable Advanced Account Security by June 1, 2026.

This Probably Shouldn't Be a Headline

Here's the thing. The coverage of this announcement treats it as a security win, and it is. Phishing-resistant hardware authentication is meaningfully better than password plus SMS. Yubico makes excellent hardware. The $68 bundle pricing removes a genuine friction point. OpenAI's CISO said they already use YubiKeys internally for employees, and it's good that the same protection is now accessible to users who want it. I own one myself, somewhere in this house. I haven't seen it in three years.
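The claim that phishing-resistant authentication beats a password plus a one-time code is worth seeing concretely. The following is an added illustration, not code from OpenAI or Yubico: a relay-phishing attacker forwards what the victim types on a look-alike page to the real site. A TOTP code (RFC 6238, the same class of relayable code as an SMS code) is accepted because nothing in it records where it was typed. A WebAuthn-style assertion fails twice over: the key holds no credential for the phishing host's RP ID, and even if the browser were tricked into using the real RP ID, the signed client data names the phishing origin and the site rejects it. The host names are made up, and the authenticator's signature is stood in for by an HMAC over a per-credential secret shared with the mock relying party (a real key signs with a private key and the site verifies with the public key; the binding checks are the same).

```python
"""Relay phishing against TOTP versus a WebAuthn-style assertion.
Added illustration, not OpenAI or Yubico code. Assumptions: HMAC over a
shared per-credential secret stands in for the authenticator's signature;
host names are invented."""
import hashlib
import hmac
import json
import os
import struct

RP_ID = "chat.example"                       # assumed relying-party ID
RP_ORIGIN = "https://chat.example"
PHISH_ORIGIN = "https://chat-example.com"    # look-alike phishing host


# ---- Password + TOTP (RFC 6238): a code the attacker can simply forward ----
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_relay_succeeds(shared_secret: bytes, unix_time: int) -> bool:
    """Victim types the code into the phishing page; the attacker replays it
    to the real site inside the same 30-second window. The code carries no
    record of which site it was typed into, so the real site accepts it."""
    typed_on_phish_page = totp(shared_secret, unix_time)
    forwarded_by_attacker = typed_on_phish_page          # a plain copy
    return hmac.compare_digest(forwarded_by_attacker, totp(shared_secret, unix_time))


# ---- WebAuthn-style assertion: bound to the RP ID and the signing origin ----
def rp_id_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()


class MockAuthenticator:
    """One hardware key holding one credential per RP ID."""

    def __init__(self):
        self.credentials = {}    # rpIdHash -> credential secret

    def register(self, rp_id: str) -> bytes:
        secret = os.urandom(32)
        self.credentials[rp_id_hash(rp_id)] = secret
        return secret            # stands in for the public key handed to the RP

    def get_assertion(self, rp_id: str, origin: str, challenge: bytes):
        """The browser supplies rp_id (derived from the page's origin) and the
        origin itself. No credential for that rp_id means no assertion."""
        secret = self.credentials.get(rp_id_hash(rp_id))
        if secret is None:
            return None
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge.hex(), "origin": origin},
            sort_keys=True).encode()
        auth_data = rp_id_hash(rp_id)
        signed = auth_data + hashlib.sha256(client_data).digest()
        return client_data, auth_data, hmac.new(secret, signed, hashlib.sha256).digest()


class MockRelyingParty:
    def __init__(self, rp_id: str, origin: str, credential_secret: bytes):
        self.rp_id, self.origin, self.secret = rp_id, origin, credential_secret

    def new_challenge(self) -> bytes:
        return os.urandom(32)

    def verify(self, challenge: bytes, assertion) -> bool:
        if assertion is None:
            return False
        client_data, auth_data, signature = assertion
        cd = json.loads(client_data)
        if cd.get("type") != "webauthn.get":
            return False
        if cd.get("challenge") != challenge.hex():      # fresh, cannot be replayed
            return False
        if cd.get("origin") != self.origin:             # signed on the right site
            return False
        if auth_data != rp_id_hash(self.rp_id):         # credential scoped to us
            return False
        signed = auth_data + hashlib.sha256(client_data).digest()
        expected = hmac.new(self.secret, signed, hashlib.sha256).digest()
        return hmac.compare_digest(signature, expected)


def webauthn_login(page_origin: str, browser_rp_id: str) -> bool:
    """Full ceremony: the real RP issues a challenge, the victim's browser on
    page_origin asks the key for an assertion, and the result (relayed by the
    phisher if page_origin is the phishing host) reaches the real RP."""
    key = MockAuthenticator()
    rp = MockRelyingParty(RP_ID, RP_ORIGIN, key.register(RP_ID))
    challenge = rp.new_challenge()
    return rp.verify(challenge, key.get_assertion(browser_rp_id, page_origin, challenge))


if __name__ == "__main__":
    print("TOTP relayed through phishing page :", totp_relay_succeeds(b"12345678901234567890", 59))
    print("WebAuthn, real site                :", webauthn_login(RP_ORIGIN, RP_ID))
    print("WebAuthn, phishing page, own RP ID :", webauthn_login(PHISH_ORIGIN, "chat-example.com"))
    print("WebAuthn, phishing page, forged RP :", webauthn_login(PHISH_ORIGIN, RP_ID))
```

The first line prints True and the last two print False, which is the whole argument in miniature: the one-time code is a bearer secret that survives being relayed, while the assertion is a signature over a fresh challenge, the RP ID and the origin the browser actually loaded, so the relay has nothing it can forward.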

But pause for a second and ask what it says about this industry that we're writing news articles about a major AI platform adding basic strong authentication in 2026.

ChatGPT crossed 100 million users in January 2023. By early 2025, it had 900 million weekly active users and 50 million paying subscribers. For years, those users have been typing things into ChatGPT that they wouldn't write in a work email, say on a call, or put in a shared document. Legal questions. Medical symptoms. Strategic plans. Proprietary code. Business decisions. Personal crises. The account sitting at the center of all that context was protected by whatever password the user happened to set, with basic MFA if they bothered.

The market knew these accounts had value. In early 2025, a threat actor posted on a dark web forum claiming to have credentials for 20 million OpenAI accounts and offered them for sale. OpenAI said it found no evidence of an internal system compromise; the credentials appear to have been harvested by infostealer malware on user devices, not from OpenAI's infrastructure. That distinction matters for deciding who was at fault, but it doesn't change what was at risk. Group-IB found over 100,000 compromised ChatGPT accounts circulating on dark web marketplaces as far back as mid-2023, mostly gathered by the same class of credential-stealing malware. Kaspersky tracked similar patterns. The threat wasn't hypothetical and it wasn't new.

And yet hardware-backed, phishing-resistant authentication for user accounts arrived this week. It closes the stolen-password path those dumps relied on: a harvested password is worthless against an account that no longer accepts one. It does not close the stolen-session path, since the same infostealers also lift browser session cookies, which is why the new login alerts and the ability to see and end active sessions matter as much as the keys themselves.

What This Actually Tells You

When a company builds bank-grade authentication for a chatbot, it's telling you something about what the chatbot actually is. Not a toy, not a search engine novelty, not a writing assistant you use for cover letters. A primary work tool that holds sensitive context across sessions and sits at the center of workflows that include connected APIs, code execution, and in some configurations, screenshots of your desktop.

The framing that Advanced Account Security is designed for "high-value individuals" like political dissidents and journalists is accurate but undersells the population that should care about this. Any professional who uses ChatGPT regularly for work-related conversations has built up an account that contains more sensitive material than they probably realize. The default mode for most of them has been: one password, maybe an authenticator app, and hope.

This is worth flagging for GRC practitioners specifically. If your organization allows employees to use ChatGPT for work tasks — and at this point most do, officially or otherwise — those personal accounts are a shadow data problem. They're outside your SSO perimeter, outside your DLP controls, and until this week, protected by consumer-grade authentication. Advanced Account Security doesn't fix the governance problem. But it does mean you have something to point employees toward when you're trying to get them to take it seriously.

The June 1 deadline for Trusted Access for Cyber members will be worth watching. It's the first real test of how OpenAI handles the tension between wanting enterprise adoption and requiring enterprise-grade security practices. The requirement comes with an SSO exception for organizations that can attest to phishing-resistant authentication through their own single sign-on. If that path works cleanly, security teams will probably be able to maintain centralized identity controls without forcing every employee onto a separate credential model inside ChatGPT. If it's clunky, expect friction.

For everyone else: the feature is available now in the Security section of your ChatGPT account settings. If you're a practitioner who keeps anything sensitive in there, the enrollment is worth the ten minutes. Just make sure you register a backup credential before you do, such as a second key kept somewhere other than the first. Once password login and email or SMS recovery are disabled, OpenAI will not be able to help you if you lose your only key.

If you're thinking through which AI tools are appropriate for your organization's environment and risk tolerance, I've written a more detailed breakdown of the considerations: Is Claude Safe for Enterprise Use? A GRC Practitioner's Breakdown.