Passwords are so 2024. On April 30th, OpenAI launched “Advanced Account Security” (AAS) — an opt-in security package for ChatGPT accounts that completely disables password-based login and replaces it with passkeys and physical security keys.
What’s in the box?
AAS bundles several protections: stronger sign-in safeguards, tighter account recovery, reduced exposure from compromised sessions, and more visibility into account activity. The key point: once you enable AAS, you can only log in via passkey or physical security key. Passwords? Disabled.
On top of that, there’s a partnership with Yubico. The two companies are releasing co-branded YubiKeys — the YubiKey C NFC and the YubiKey C Nano — marketed specifically at ChatGPT users.
Who is this for?
OpenAI has a clear target audience: political dissidents, journalists, researchers, and elected officials. People who work with sensitive topics and are particularly attractive targets for phishing attacks. But AAS is available to anyone — which is an important signal for the future of AI security.
Because phishing is a growing problem in the AI era. The more sensitive information ends up in chatbot conversations, the more valuable those accounts become to attackers.
My take
OpenAI is doing the right thing at the right time here. AI chatbots are increasingly becoming their users’ digital memory — business strategies, personal notes, code snippets, it all ends up there. That OpenAI is proactively offering phishing-resistant login now, instead of waiting for the first major account breach, is a smart move. Whether the co-branded YubiKeys will actually sell is another question — but having the option doesn’t hurt.
Sources: