OpenAI's Advanced Account Security is a new opt-in setting that replaces password-based login with passkeys or hardware security keys, disables weak recovery options, shortens sessions, and excludes your conversations from model training. It launched April 30, 2026, and it is the strongest account protection OpenAI has ever offered.
What does Advanced Account Security actually do?
Advanced Account Security bundles four protections behind a single toggle in your ChatGPT settings.
First, it requires passkeys or physical security keys for every login. Passwords are turned off entirely, which removes the most common attack surface: phishable credentials. Second, it disables email and SMS account recovery. Those channels are vulnerable to SIM-swapping and inbox compromise, so the setting replaces them with backup passkeys, backup security keys, and recovery keys you generate yourself. Third, it shortens active sign-in sessions. If someone gains access to your device or intercepts a session token, the window of exposure shrinks. Fourth, conversations from accounts with this setting are automatically excluded from OpenAI's model training data, giving you an extra layer of privacy.
If you are new to AI tools and want to understand the basics first, start with our beginner's playbook before diving into account settings.
Why should beginners care about this?
Most people treat their ChatGPT account like a throwaway tool. But think about what you actually paste in there: business ideas, client emails, personal reflections, code with API keys, financial plans. Your ChatGPT history is, in many cases, more sensitive than your email inbox.
OpenAI built this feature for journalists, elected officials, political dissidents, and researchers. But you do not need to be a high-profile target to benefit. If you have ever pasted a contract, a bank statement, or a private conversation into ChatGPT, your account holds data worth protecting. The comparison between ChatGPT, Claude, and Gemini covers how each platform handles your data differently, which matters when you are choosing where to put sensitive material.
Starting June 1, 2026, members of OpenAI's Trusted Access for Cyber program will be required to enable this setting. That mandate signals where the industry is heading.
How do passkeys work (in plain language)?
A passkey is a cryptographic credential stored on your device (phone, laptop, or password manager) that proves your identity without transmitting a password. When you log in, your device creates a unique signature that only works for that specific site. There is nothing to type, nothing to remember, and nothing a phishing page can steal.
You may already use passkeys for Google, Apple, or GitHub. The same device or password manager can create one for OpenAI. If you prefer a physical key, OpenAI partnered with Yubico to offer a custom YubiKey bundle at preferred pricing. But any FIDO2-compatible passkey works. You do not need to buy new hardware.
Passkeys are part of the FIDO2 standard maintained by the FIDO Alliance, the same framework behind passwordless login at hundreds of major services. If you want to understand how AI tools fit into your daily workflow beyond security, our guide on ChatGPT workflows that save 5 hours a week is a good next step.
How do I turn it on?
The setup takes about five minutes.
- Open ChatGPT and go to Settings > Security.
- Find Advanced Account Security and toggle it on.
- Register at least one passkey (your phone's biometric or a password manager both work).
- Set up at least two backup methods: a second passkey, a hardware security key, or a recovery key.
- Confirm activation.
Once enabled, password login is disabled and email/SMS recovery is removed. Make sure your backup methods are stored safely before you flip the switch. Write down your recovery key and keep it somewhere offline, like a locked drawer or a safe.
If you are just getting started with AI and want a broader view of the beginner-friendly resources we cover, that pillar page is the best starting point.
What this means going forward
OpenAI making passkeys the centerpiece of account security is not surprising. Passwords are the weakest link in every system. What is notable is the bundled approach: security, privacy (training data exclusion), and session management in one setting. It suggests OpenAI expects a growing share of users to store genuinely sensitive material in ChatGPT and is building the infrastructure to match.
For those of us running businesses on top of AI tools, this is a welcome shift. We use ChatGPT and Claude daily across teams, and the question of "who can access these conversations" matters more each quarter.
If you are exploring AI for the first time, or you have been using it casually and want to get more serious, locking down your account is a smart early move. It costs nothing, takes five minutes, and protects everything you will build from here.
Join AI Masterminds to connect with others learning to use AI tools effectively, from security basics to advanced workflows.
FAQ
What is OpenAI Advanced Account Security?
Advanced Account Security is an opt-in setting for ChatGPT accounts that OpenAI launched on April 30, 2026. It bundles several protections into one toggle: passkey or hardware security key login (passwords are disabled), no email or SMS account recovery, shorter sign-in sessions, and automatic exclusion of your conversations from OpenAI's model training data. It is designed for users who face elevated digital risk, but anyone can enable it.
Do I need to buy a YubiKey to use Advanced Account Security?
No. You can use a passkey stored on your phone, laptop, or password manager instead. OpenAI partnered with Yubico to offer a custom YubiKey bundle at preferred pricing, but a hardware key is optional. Any FIDO2-compatible passkey works. If you already use passkeys for Google or Apple, the same device or manager can generate one for OpenAI.
Will turning on Advanced Account Security delete my chat history?
No. Your existing conversations stay intact. The setting changes how you log in and how future conversations are handled for training. Once enabled, new conversations are automatically excluded from model training. Your old history remains accessible in your account as before.
Who should enable Advanced Account Security?
OpenAI specifically mentions journalists, elected officials, political dissidents, and security researchers. But if you paste client data, personal finances, medical details, or business strategy into ChatGPT, you benefit too. Starting June 1, 2026, members of OpenAI's Trusted Access for Cyber program will be required to enable it.
What happens if I lose my passkey or security key?
Because Advanced Account Security disables email and SMS recovery, you need backup methods ready before you enable it. OpenAI supports backup passkeys, backup security keys, and recovery keys. Set up at least two backup methods during activation so you are never locked out of your account.