OpenAI adds advanced account security for ChatGPT and Codex users

OpenAI has turned ChatGPT access into something closer to a high-security workplace credential. Its new Advanced Account Security setting, announced April 30, requires passkeys or physical security keys, disables password-based login, and extends to Codex accounts that use the same sign-in.

That matters because AI accounts increasingly sit on top of company data, customer records, code, and confidential documents. A stolen ChatGPT login is no longer just a nuisance. It can become a data exposure, a compliance headache, or an open door to unauthorized usage charges. For employers such as NlckySolutions, the rollout is a reminder that AI identity protection now belongs in the same conversation as email security and cloud access.

OpenAI is aiming the feature at people most likely to be targeted by digital attacks, including journalists, elected officials, political dissidents, and researchers. The setup is stricter than normal account protection. Enrolling requires at least two secure sign-in methods, including one that works across devices. After setup, users are signed out of all devices and must sign in again. OpenAI also shortens sessions, alerts users when a login occurs, and lets them review and manage active sessions.

Recovery is where the tradeoff gets sharp. Email and SMS recovery are disabled for enrolled accounts. Instead, users rely on backup passkeys, security keys, and recovery keys. OpenAI says support cannot recover an account if all sign-in methods and recovery keys are lost. That is the point of the feature: stronger protection in exchange for stricter recovery rules. OpenAI also says conversations are not used to train its models while Advanced Account Security is enabled.

The company’s broader security and privacy page says it monitors for suspicious activity and encrypts user content at rest and in transit. It has also partnered with Yubico on custom phishing-resistant YubiKeys for OpenAI users, underscoring how seriously it is treating account protection as AI use spreads deeper into daily work.

For workers and managers at NlckySolutions, the practical lesson is clear. If staff are using ChatGPT or Codex for internal planning, writing, analysis, or code, those accounts need the same level of scrutiny as any other sensitive corporate login. IT teams may need to update guidance on how employees enroll, what data can be entered, how credentials are stored, and what happens if someone loses access. As AI becomes part of ordinary office life, account security is becoming part of ordinary job readiness.