The update replaces traditional password-based access with passkeys or physical security keys, a move intended to reduce exposure to phishing attempts. It also removes email and SMS-based account recovery, requiring users to rely instead on backup passkeys, recovery keys, or hardware devices. OpenAI noted that support teams will not be able to assist with account recovery for users who opt into the stricter system.
The feature shortens login session durations and adds alerts for new sign-ins, while giving users visibility into active sessions across devices. It also automatically excludes conversations from model training, a setting aimed at users working with sensitive information.
OpenAI has partnered with hardware authentication provider Yubico to offer discounted security keys, including two co-branded devices designed for daily and backup use. The company said users can also choose other FIDO-compliant keys or software-based passkeys.
The rollout comes as AI platforms increasingly serve as hubs for both personal and enterprise workflows, storing data that can include proprietary business information or private communications. In a statement tied to the partnership, Yubico CEO Jerrod Chong said the goal is “to drastically reduce the threat of unauthorized access to sensitive data in OpenAI accounts worldwide.”
OpenAI said the new protections are part of a broader cybersecurity initiative and will become mandatory for some participants in its Trusted Access for Cyber program starting June 1, 2026.
This analysis is based on reporting from OpenAI.
This article was generated with AI assistance and reviewed for accuracy and quality.