On April 30, 2026, OpenAI announced Advanced Account Security, described as an opt-in bundle of protections against unauthorized access to ChatGPT accounts—and, once enrolled, to Codex accessed through the same login.
What enrollment changes
According to OpenAI’s announcement:
- Sign-in: Advanced Account Security requires passkeys or physical security keys and disables password-based login.
- Recovery: Email and SMS recovery are disabled. Recovery relies on backup passkeys, security keys, and recovery keys. Because of this, OpenAI states that OpenAI Support will not be able to assist with account recovery for users enrolled in Advanced Account Security.
- Sessions: Sessions are shortened, users receive login alerts, and they can review active sessions across devices.
- Training: With Advanced Account Security enabled, conversations from those accounts are automatically excluded from model training (OpenAI describes this automatic exclusion as tied to enrollment).
OpenAI positions the feature for users at elevated risk—including journalists, elected officials, dissidents, researchers, and security-conscious individuals—and notes enrollment under ChatGPT account Security settings on web.
Trusted Access for Cyber
OpenAI writes that individual members of Trusted Access for Cyber using its most permissive cyber-capable models must enable Advanced Account Security beginning June 1, 2026, unless their organization attests to phishing-resistant authentication via SSO.
Hardware keys partnership
OpenAI describes a partnership with Yubico to offer preferred pricing on a bundled YubiKey C Nano and YubiKey C NFC, while noting users may still use other FIDO-compliant keys or software passkeys.
Primary source: OpenAI, April 30, 2026 — Introducing Advanced Account Security.