OpenAI rolls out stronger ChatGPT account security in partnership with Yubico

OpenAI is stepping up its focus on user protection by introducing Advanced Account Security (AAS), a new set of optional safeguards for ChatGPT accounts. The feature suite, announced on Thursday, is designed especially for high-risk users but is available to anyone seeking stronger account protection.

As part of this initiative, digital security firm Yubico revealed a partnership with OpenAI to integrate hardware-based authentication into ChatGPT accounts. The collaboration introduces two new co-branded security devices — the YubiKey C NFC and the YubiKey C Nano — aimed at defending users against phishing attacks, which are becoming an increasing concern for chatbot users.

OpenAI indicated that Advanced Account Security is particularly relevant to individuals such as journalists, researchers, political dissidents, and elected officials, who often handle sensitive or high-risk information. It may also appeal to enterprise users who rely on ChatGPT for handling confidential business data.

“Ultimately, we intend to drastically reduce the threat of unauthorised access to sensitive data in OpenAI accounts worldwide,” said Jerrod Chong in a statement announcing the partnership.

Security keys like YubiKeys are small physical devices that connect to computers via USB or wireless interfaces. Each key contains a unique cryptographic identifier, ensuring that only the individual who physically possesses the device can access the associated account. This adds a strong layer of protection beyond traditional passwords or two-factor authentication methods.

While concerns about compromised chatbot accounts may seem abstract, there is growing evidence that cybercriminals are increasingly targeting users of AI platforms. Because conversations with chatbots often include sensitive personal or professional details, these accounts can become valuable targets for data theft or extortion.

Security has become a broader priority across the AI sector. Recently, Anthropic introduced a cybersecurity-focused model called Mythos. OpenAI has also been expanding its efforts in this area, including the rollout of a new digital defence framework announced alongside its partnership with Yubico.

However, enhanced security comes with certain tradeoffs. If a user loses their hardware security key, OpenAI will not be able to restore access to the account. In such cases, users could permanently lose access to their stored conversations and data, highlighting the importance of safeguarding the physical key.