10 Sources
[1]
OpenAI announces new advanced security for ChatGPT accounts, including a partnership with Yubico | TechCrunch
OpenAI is getting serious about account security. The company on Thursday launched Advanced Account Security, a set of opt-in protections for ChatGPT users designed for high-value individuals -- but available to anyone who wants them. As part of that new program, digital security provider Yubico announced it has partnered with OpenAI to link two new security key products to ChatGPT accounts. The company said the partnership was designed to protect users from the threat of phishing, which is considered to be a growing threat for chatbot users. The two companies are releasing a pair of "co-branded" YubiKeys -- dubbed the YubiKey C NFC and the YubiKey C Nano. OpenAI has suggested that AAS is a good fit for political dissidents, journalists, researchers, and elected officials -- people who engage in politically charged and risky work. One would assume that it might make sense for enterprise users, whose corporate secrets are squirreled away in ChatGPT sessions. "Ultimately, our intent is to drastically reduce the threat of unauthorized access to sensitive data in OpenAI accounts worldwide," Yubico CEO Jerrod Chong said in a press release announcing the deal. Security keys are small pieces of hardware that can be tied to digital accounts and enacted through a computer's USB ports. A unique cryptographic identifier lives on the key, which allows only the person in possession of it to log into a connected account. If the threat of phished ChatGPT accounts may seem somewhat abstract, there is a growing body of literature showing that bad actors are increasingly targeting chatbot users. Cybercriminals are always on the lookout for extortion-worthy information and, given the intimate nature of most chatbot conversations, there is plenty of fodder when it comes to both enterprise and personal-level users. Digital security is also becoming a bigger focus of the AI industry. Several weeks ago, Anthropic announced a new cybersecurity model called Mythos.
Perhaps seeking to steal some of its competitor's thunder, OpenAI has also made a number of announcements related to digital security. Thursday's news of the Yubico partnership followed OpenAI's announcement that it's launching a new framework for digital defense. Of course, a security-key-enabled account does offer stronger protection, but it comes with a tradeoff: if the key is lost, OpenAI won't be able to help recover access. In practice, that means conversations could be lost for good.
[2]
OpenAI Rolls Out 'Advanced' Security Mode for At-Risk Accounts
For anyone who fears their ChatGPT and Codex accounts might be targeted by attackers, OpenAI announced on Thursday that it is adding an optional new level of account protection that adds an extra layer of security. Dubbed Advanced Account Security, the feature enforces strict access controls that would make account takeover attacks very difficult. Such measures are not a new idea in the realm of account security. Google, for example, has offered its Advanced Protection account security tier for nearly a decade. But as mainstream AI services rapidly proliferate around the world, there is a pressing need for an array of basic protections to be put in place. OpenAI says the launch is part of its broader cybersecurity strategy announced earlier this month. "People are turning to AI for deeply personal questions and increasingly high-stakes work," the company said on Thursday in a blog post. "Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows. For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher." People who enable Advanced Account Security can no longer use regular passwords on their accounts. Instead, they must add two physical security keys or passkeys to significantly reduce the risk of successful phishing attacks. The feature also eliminates email and SMS text routes for account recovery. Instead, users must use recovery keys, backup passkeys, or physical security keys. OpenAI says it has partnered with Yubico to offer lower-cost YubiKey bundles to Advanced Account Security users. Crucially, when a user turns on Advanced Account Security, they can no longer seek help from OpenAI's support team for account recovery, because support no longer has access or control over any of the recovery options.
This way, attackers can't attempt to break into accounts by targeting support portals with social engineering attacks. Advanced Account Security also enforces shorter sign-in windows and sessions before a user has to log in again on a device. And it produces alerts anytime someone logs in to the locked down account, pointing to the dashboard for reviewing active ChatGPT and Codex sessions. Additionally, while OpenAI offers the option for any user to opt out of having their ChatGPT conversations used for model training, this exclusion is on by default for Advanced Account Security users. Members of OpenAI's Trusted Access for Cyber program, which gives cybersecurity professionals, researchers, and others advanced access to new models, will be required to enable Advanced Account Security beginning on June 1 or submit an alternative attestation that they implement phishing-resistant authentication through an enterprise single sign-on mechanism.
[3]
Your ChatGPT account just got more secure, but you have to opt in - here's how
Whether you use ChatGPT personally or professionally, you may share certain sensitive information and files in your conversations. And you certainly don't want that data falling into the wrong hands. But what can you do beyond creating a strong password and using two-factor authentication? Plenty, thanks to a new feature available to individual ChatGPT users. Known as Advanced Account Security, the new opt-in feature aims to tighten your account and safeguard your data. The option is aimed more at security-minded people such as political dissidents, journalists, elected officials, and researchers. But it's accessible to any ChatGPT user who wants to enhance protection against account takeovers and other threats. (Disclosure: Ziff Davis, ZDNET's parent company, filed an April 2025 lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.) With better safeguards in mind, Advanced Account Security offers four settings that cover different aspects of your account. The first setting requires you to use a passkey or physical security key to sign in. Another requires stronger methods to recover an account beyond email or SMS authentication. With the third setting, your active login session is shortened to reduce its exposure. The fourth setting automatically prevents your chats from being used for AI training. To enroll with Advanced Account Security, head to the enrollment web page and make sure you're signed in with your account. Click the Enroll button to kick off the process. Now, here's how each setting works. To prevent unauthorized account access via a stolen password, Advanced Account Security requires you to sign in with a passkey or physical security key. You can set up either method or both, though you need to establish two authentication methods.
As OpenAI recommends using a security key, the company has struck a deal with key-maker Yubico. Here, you can buy a bundle of two YubiKeys -- a YubiKey C NFC and a YubiKey C Nano -- for $68, almost half off the usual price of $126. But other keys are supported in case you already have your own. You can also use a passkey if you prefer. Whatever methods you choose, though, your existing password will no longer be accepted. Two-factor authentication is one way to help you recover your account if you can't otherwise log in. But the method you use makes a big difference. Email and SMS authentication are vulnerable to compromise. With Advanced Account Security, those two methods are disabled, forcing you to use backup passkeys, security keys, or recovery keys. As you set up Advanced Account Security, you'll be prompted to copy or download the recovery keys automatically generated by ChatGPT. The longer a login session remains active, the greater the opportunity for malware or another threat to hijack your account. With Advanced Account Security, your session is shortened, requiring you to authenticate more often than before. More frequent authentications serve to better secure your account credentials and data. By default, ChatGPT can use your conversations for training to better understand how to communicate like a human. But as that capability poses a risk to your privacy, you can manually disable it. However, Advanced Account Security automatically turns off AI training, so you don't have to turn it off yourself. After you've set up your preferences, just click the Enroll button to activate Advanced Account Security. You can then head to the ChatGPT chat page. But you'll be prompted to log in again with your new passkey or security key.
Advanced Account Security also protects you in Codex if you use it to develop and fine-tune your own code. For now, the feature is available to free and paid ChatGPT users with their own accounts. But OpenAI said it expects to expand it to the enterprise crowd. "As AI becomes increasingly embedded in our lives, it is more important than ever to ensure that users have the controls they need to help protect their privacy and security," OpenAI said in its news release. "Privacy and security are foundational to how we build all of our products, and we'll continue investing in protections that give people more control and stronger safeguards over time. We expect to extend this work to additional audiences, including enterprise environments, where stronger account security can matter just as much."
[4]
OpenAI's Advanced Account Protection Dumps Passwords for Security Keys
To stop the most determined hackers, OpenAI is introducing a new security mode for ChatGPT and Codex accounts that ditches traditional passwords for more secure alternatives. The opt-in setting is called "Advanced Account Security," and features hardware security keys and software-based passkeys for account logins. The company is rolling out the new mode via ChatGPT's web interface in Settings > Security, which leads users to a page that outlines the pros and cons of the feature, along with a 3-step process to enroll. The new setting -- also available at chatgpt.com/advanced-account-security -- doesn't require hardware-based security keys. However, the enrollment process includes a discounted custom bundle from security maker Yubico that offers two hardware security keys for $68, including the YubiKey C NFC and YubiKey C Nano. Security keys from other vendors are also supported. OpenAI designed the mode for "people at increased risk of digital attacks," which could include government officials, corporate executives, researchers, and human rights activists. Advanced Account Security works by making a user's account resistant to phishing messages, password guessing, and SIM swap attacks, which is how hackers usually crack online accounts. The new security mode dumps the traditional login option via email address and passwords, which hackers can steal to break in. In addition, OpenAI's advanced security mode disables the account recovery route through email and text-based SMS codes, which can also be phished. Users must instead log in through a hardware key -- a physical USB device -- or a software-based passkey, which resides on a device, whether it's a PC or smartphone. Neither security system can be stolen through a remote digital hack, making them a more secure alternative to traditional passwords.
The new security mode is similar to Google's Advanced Protection Program, which dates back to 2017 and required users to own two hardware security keys (one Bluetooth, one USB) before the company expanded support for passkeys. Google introduced the program over a year after Russian state-sponsored hackers used a spear-phishing email attack to break into the Gmail account of John Podesta, chair of Hillary Clinton's 2016 presidential campaign. OpenAI says its advanced security program is not a response to a hacking incident but intended to preempt future threats. Both ChatGPT and OpenAI's coding product, Codex, have been gaining wide-scale adoption and can handle sensitive details, including users' personal chats and confidential work projects. "For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher," OpenAI notes. Of course, the new security mode comes with some trade-offs, especially for account recovery. OpenAI's Advanced Account Security is so locked down that the company itself won't be able to recover your account if you lose the hardware security keys or passkeys. That's why its enrollment process requires you to use at least two hardware security keys, or one hardware security key and one software-based passkey, with the extra key serving as a backup. Users can also enroll with two software-based passkeys, but one of them must be synced to the cloud via Google Password Manager or Apple's iCloud Keychain. For account recovery, OpenAI will issue backup recovery keys during enrollment. These strings of digits are meant to be stored in a safe place, enabling the user to recover their account on their own if all security keys and passkeys are lost. Another notable trade-off is that "sign-in sessions are shortened to reduce the window of exposure if a device or active session is compromised," the company says. 
So you'll probably need to log back in more frequently. OpenAI notes the security key bundle includes the YubiKey C Nano, which is "designed to stay in your laptop for simple, low-friction daily authentication." Logging back in with a passkey is also easy, since it's saved on the device. Advanced Account Security doesn't totally eliminate all hacking threats. For example, while a malware infection can't steal a passkey, let alone a hardware security key, the attack could still pave the way for a hacker to remotely hijack a computer, including its browser sessions. Another obvious attack vector is if your computer is stolen or seized by government authorities. Perhaps in response, OpenAI's new security mode lets you review and manage all active sessions across your account, giving you a way to see and disconnect devices that've logged in to your account. Users will also receive alerts when someone logs in to their account. In addition, Advanced Account Security automatically opts users out of exposing their data to AI model training, which can also be switched off by going to Settings > Data controls. If Advanced Account Security proves to be inconvenient, users can deactivate the feature. OpenAI also lets users pick and choose which extra safeguards they adopt; ChatGPT offers passkeys, hardware security key support, and multi-factor authentication in account settings.
[5]
OpenAI launches hardware security keys for ChatGPT with Yubico partnership and disables password login for high-risk users
OpenAI has released a security feature for ChatGPT accounts that treats them the way banks treat online banking: hardware keys, no passwords, no email recovery, and no help from customer support if you lose access. The feature, called Advanced Account Security, is an opt-in setting that requires users to authenticate with two passkeys, two hardware security keys, or one of each before they can log in to ChatGPT or Codex. Once enabled, password-based login is permanently disabled, and recovering an account through email or text message is no longer possible. OpenAI has partnered with Yubico, the Swedish-American hardware authentication company, to sell co-branded YubiKeys bundled for $68, less than half the $126 retail price. The feature is available to everyone, including users on the free tier. The company says it is designed for journalists, political dissidents, researchers, and elected officials. But the fact that OpenAI built it at all is an acknowledgment that a ChatGPT account, for a growing number of people, now holds more sensitive information than their email. Advanced Account Security replaces every conventional login and recovery mechanism with cryptographic authentication. Users who enable it must register two separate credentials, choosing from passkeys stored on their device, YubiKeys or other FIDO2-compliant hardware tokens, or a combination. Each credential generates a unique cryptographic key pair that never leaves the device, which means there is no password to steal, no one-time code to intercept, and no recovery email that an attacker can compromise through social engineering. OpenAI has made the design trade-off explicit: its own support team cannot restore access to an account protected by Advanced Account Security if the user loses both credentials. The company issues a recovery key during setup, and if that key is also lost, the account is unrecoverable. 
The architecture is borrowed from the same zero-trust principles that protect classified government systems and cryptocurrency wallets, applied to a consumer chatbot. The feature includes several secondary protections. Sign-in sessions are shortened, reducing the window during which a stolen session token could be exploited. Users receive alerts for every new login and can view and terminate active sessions from their account settings. And enabling Advanced Account Security automatically opts the user out of model training, meaning their conversations will not be used to improve future versions of ChatGPT. That last detail is significant: it links the highest level of account protection to the highest level of data privacy, creating a tier of user whose interactions with the system are both cryptographically secured and contractually excluded from OpenAI's training pipeline. For users handling sensitive material, the combination addresses two concerns simultaneously. The security upgrade arrives in a context that makes its purpose clear. In 2024, Group-IB, the Singapore-based cybersecurity firm, identified more than 100,000 stolen ChatGPT credentials circulating on dark web marketplaces, harvested from devices compromised by information-stealing malware. Those credentials gave anyone who purchased them full access to the victim's chat history, which for many users included confidential work conversations, personal queries, and information that would be damaging if exposed. A separate breach involving Mixpanel, a third-party analytics provider, exposed ChatGPT user names, email addresses, and technical metadata that could be used for targeted phishing campaigns. 
The industry's broader push toward passwordless authentication has been driven by the recognition that passwords are the single largest attack surface in consumer technology: an estimated 46 per cent of all successful cyberattacks on small and medium businesses in 2026 will originate from credential reuse, according to industry research. ChatGPT's vulnerability is distinctive because of what the accounts contain. An email account holds messages. A banking account holds transaction records. A ChatGPT account holds the unfiltered questions a person asks when they believe no one is watching: medical symptoms, legal exposure, relationship problems, business strategies, code with proprietary logic, and conversations with an AI system that remembers context across sessions. OpenAI's Codex Chronicle feature, which periodically captures screenshots of a user's desktop and sends them to OpenAI's servers for processing, has made the data stakes even higher for users who opt in. The company is simultaneously expanding the volume of sensitive information its products collect and building the security infrastructure to protect it. Advanced Account Security is the protection side of that equation. The partnership with Yubico is commercial and strategic. The two co-branded products, the YubiKey C NFC and the YubiKey C Nano, are physically identical to Yubico's existing product line but carry OpenAI branding and are sold through OpenAI's channels at a subsidised price. The C NFC model supports both USB-C and near-field communication, allowing it to work with laptops, phones, and tablets. The C Nano model is small enough to remain permanently inserted in a USB-C port. Both support FIDO2, the authentication standard developed by the FIDO Alliance that underpins passkeys and is backed by Apple, Google, and Microsoft. 
The $68 bundle for two keys represents a meaningful discount: a single YubiKey C NFC retails for approximately $55, making the bundle effectively a buy-one-get-one offer. OpenAI's decision to subsidise hardware authentication for its users reflects a calculation about the cost of account compromises. A high-profile breach of a ChatGPT account belonging to a journalist, government official, or corporate executive would generate reputational damage that far exceeds the cost of discounted security keys. By making hardware authentication cheap and accessible, OpenAI is shifting the security burden from a password that can be phished to a physical object that must be stolen. The strategy mirrors what Google implemented internally in 2017, when the company distributed YubiKeys to all 85,000 employees and subsequently reported zero successful phishing attacks against employee accounts. OpenAI is applying the same logic to its user base, though on an opt-in rather than mandatory basis, with one exception: members of the Trusted Access for Cyber programme, which grants verified security researchers and defenders access to OpenAI's most capable cybersecurity models, will be required to enable Advanced Account Security by 1 June 2026. The deeper significance of Advanced Account Security is not the feature itself but what it implies about the category. When a company builds bank-grade security for a chatbot, it is telling you that the chatbot is no longer a toy. OpenAI now operates a six-tier subscription structure that ranges from a free ad-supported account to custom enterprise contracts, with 50 million paying subscribers and 900 million weekly active users. A meaningful fraction of those users treat ChatGPT as a primary work tool, a confidential advisor, or both. 
The conversations stored in those accounts are, in aggregate, one of the most valuable datasets of human intent ever assembled: what people want to know, what they are worried about, what they are building, and what they are hiding. Protecting that dataset is not a feature. It is a business requirement. The opt-in model is both a strength and a limitation. Users who need Advanced Account Security the most, dissidents in authoritarian countries, journalists investigating powerful institutions, executives discussing unreleased products, are also the users most likely to enable it. But the vast majority of ChatGPT's 900 million weekly users will never toggle the setting, which means their accounts will remain protected by whatever password they chose when they signed up, reused from another service, and have not changed since. AI-powered phishing campaigns can now generate hundreds of targeted messages per minute, each tailored to a specific victim, and the most common entry point remains a stolen or guessed password. OpenAI has built the infrastructure to protect accounts that matter. Whether the accounts that do not opt in will become the easier targets is a question the feature does not answer. What it does answer, clearly, is that OpenAI considers a ChatGPT account to be a high-value asset worth defending with the same tools used to protect state secrets and financial systems. The company that made it easy for anyone to talk to an AI has now made it possible for anyone to lock that conversation behind hardware that cannot be phished. The gap between those two populations will determine how the next wave of AI-related breaches unfolds.
[6]
You can now protect your ChatGPT account with a special USB-key
If you've ever worried about someone getting into your ChatGPT account, OpenAI has finally introduced something worth paying attention to. The company has rolled out a new opt-in feature called Advanced Account Security, and it is exactly what it sounds like. You can now lock down your account using a physical security key, which is now available to regular ChatGPT users.
What happens when you turn it on
The feature bundles several protections together rather than making you hunt through settings menus. Password-based login is disabled entirely and replaced by passkeys or physical security keys. Session lengths get shorter, so a stolen login can't be used indefinitely. You get alerts when someone signs into your account. And conversations from enrolled accounts are automatically excluded from model training -- no need to dig around for that toggle separately. The account recovery side is where things get serious. Email and SMS recovery are disabled, so if you lose your keys, OpenAI Support cannot help you regain access. The most common way accounts get hijacked is through compromised email or phone numbers, so cutting that off is a meaningful step up.
OpenAI is partnering with Yubico to make the hardware more accessible
Rather than just pointing users to Google search results, OpenAI has partnered with Yubico -- one of the most trusted names in hardware authentication -- to offer discounted bundles of YubiKeys. The bundle includes two keys: one small enough to live permanently in your laptop port, and one with NFC for mobile use. It's a smart move. The biggest barrier to hardware-based security has always been the friction of getting started, and removing the pricing hurdle helps. While this is a good initiative, here's what I really think about it. Most casual ChatGPT users probably don't need this yet. But the landscape is shifting.
People are using ChatGPT for sensitive work conversations, legal research, medical questions, and business strategy. An account that holds months of that context is a valuable target. OpenAI offering this now, before a major account-breach headline forces their hand, is the right call -- and it's a sign that AI companies are starting to take security as seriously as the data they're actually holding.
[7]
OpenAI Rolls Out Advanced Account Security for ChatGPT Users - Decrypt
Enrolled accounts are excluded from model training by default. OpenAI on Thursday introduced Advanced Account Security, a new opt-in setting for ChatGPT designed for users who want stronger protection or face higher risks of digital attacks. The company said the new feature was created in response to how people are increasingly using ChatGPT to handle more sensitive and high-stakes tasks. "People are turning to AI for deeply personal questions and increasingly high-stakes work. Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows," OpenAI said in a statement. "For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher." OpenAI said the feature is intended to give users more control over security and privacy while centralizing protections in one place. Available in web account settings, the feature applies to ChatGPT and Codex accounts using the same login and requires passkeys or physical security keys instead of passwords, while limiting account recovery to backup passkeys, security keys, or recovery keys, and removing email and SMS options. That means OpenAI cannot assist with account recovery if those methods are unavailable. "Using physical security keys, such as YubiKeys, is one of the strongest defenses against phishing," the company wrote. "To make that level of protection easier to access, we have partnered with Yubico, a leader in hardware-based authentication and account protection, to offer our users preferred pricing on a customized bundle of best-in-class security keys." OpenAI said it will offer a discount on a bundle that includes two keys for everyday use and backup. Users can also use other FIDO-compliant security keys or software-based passkeys. Sign-in sessions are shortened to limit exposure if a device is compromised. 
Users receive alerts for logins and can review active sessions across devices. The setting also changes how user data is handled. Conversations from accounts enrolled in Advanced Account Security are automatically excluded from model training. OpenAI did not immediately respond to a request for comment by Decrypt. The announcement comes as phishing attacks continue to target users with increasingly convincing scams. In March, an OpenClaw developer was lured to a phishing scam targeting crypto wallets through a fake GitHub account. That same month, the Bonk.fun domain was hijacked by scammers to push wallet-draining prompts. Earlier this month, a fake Ledger app stole more than $9 million from over 50 users. The Advanced Account Security rollout also includes changes for users in OpenAI's "Trusted Access for Cyber" program, which provides access to more capable and permissive models. Members of the program will be required to enable Advanced Account Security starting June 1. Organizations can instead confirm they use phishing-resistant authentication through single sign-on systems. "Privacy and security are foundational to how we build all of our products and we'll continue investing in protections that give people more control and stronger safeguards over time," OpenAI wrote. "We expect to extend this work to additional audiences, including enterprise environments, where stronger account security can matter just as much."
[8]
ChatGPT accounts can now be shielded by a special USB
TL;DR: OpenAI's Advanced Account Security now lets ChatGPT users secure accounts with physical hardware keys, enhancing protection against phishing by replacing passwords with encrypted device-based authentication. This upgrade targets high-risk users but removes standard recovery options, requiring careful backup key management to prevent permanent access loss. ChatGPT accounts are getting a serious security upgrade, with users now able to lock access behind a physical USB key in a move that reflects just how valuable AI accounts have become. The new feature, part of OpenAI's Advanced Account Security rollout, allows users to authenticate using hardware security keys instead of traditional passwords. These keys, which plug into a device via USB or connect wirelessly, act as a physical layer of protection, ensuring only someone with the device can access the account. ChatGPT is no longer just a casual tool; for many users it now stores sensitive conversations, work documents, personal data, ideas, hopes, and even in some cases, extremely sensitive personal information. That makes it an increasingly attractive target for hackers, particularly through phishing attacks that exploit weak passwords. Hardware keys are widely considered one of the most secure authentication methods because they rely on encrypted credentials stored directly on the device rather than something that can be stolen or guessed. There are trade-offs, though. Enabling the feature removes standard recovery methods like email or SMS, meaning users must rely on backup keys or passkeys to regain access. Lose those, and access could be permanently gone. That level of responsibility signals how seriously OpenAI is now treating account protection, especially for high-risk users like developers, researchers, and enterprise clients. As AI becomes more embedded in daily workflows, moves like this feel inevitable.
What used to be a simple login is quickly turning into something closer to enterprise-grade security. A similar process occurred with cryptocurrency as it gained in popularity.
[9]
OpenAI Launches Advanced Security for ChatGPT Accounts
Partnership with Yubico: The AI company has partnered with Yubico to support hardware-based authentication through security keys. They will offer a customised bundle of YubiKeys at preferred pricing. While the partnership launches alongside Advanced Account Security, the hardware bundle will be available more broadly to eligible users. The system also supports other Fast Identity Online (FIDO) compliant security keys and software-based passkeys. Why this matters: India has 100 million weekly active ChatGPT users, making it one of the company's largest global markets, OpenAI CEO Sam Altman said in February 2026. This is a user base that includes journalists, researchers, and government officials for whom account security is not theoretical. These are precisely the groups OpenAI says it designed this feature for. In India, they face documented risks: the country has seen Pegasus spyware used against journalists and activists, and account compromise via phishing is a recognised threat. The timing also aligns with a broader regulatory shift. The Reserve Bank of India's (RBI's) new authentication directions for digital payments, effective April 2026, mandate moving away from SMS OTPs toward stronger verification methods, signalling a broader move away from passwords and OTPs.
[10]
OpenAI Tightens ChatGPT Security with Advanced Protection for High-Risk Users
OpenAI is rolling out advanced security protections for ChatGPT users, targeting high-risk accounts. The update introduces stronger safeguards against hacking, data leaks, and identity-based attacks. OpenAI has implemented an additional security measure for high-risk ChatGPT users. The Sam Altman-led tech firm has enhanced its security system with this update by implementing sophisticated authentication techniques and developing stronger protection against unauthorized access. The primary reason for the development is the increasing number of hacks faced by AI platforms that now process confidential discussions. The rollout demonstrates that the entire digital identity protection industry needs to develop new methods to help users secure their online identities. The need to protect accounts has become mandatory because AI tools are now essential components of both personal and professional work.
OpenAI introduced Advanced Account Security for ChatGPT and Codex accounts, replacing passwords with hardware security keys and passkeys. Through a Yubico partnership, users can purchase co-branded YubiKeys for $68. The opt-in security feature targets journalists, dissidents, and researchers but remains available to all users seeking enhanced protection against phishing attacks.
OpenAI launched Advanced Account Security on Thursday, marking a shift in how the company approaches account protection for ChatGPT and Codex users [1]. The opt-in security feature eliminates traditional password-based login entirely, requiring users to authenticate with hardware security keys or passkeys instead [2]. While designed for journalists, political dissidents, elected officials, and researchers who handle sensitive information, the feature is accessible to any ChatGPT user seeking enhanced account protection [3].
The company emphasizes that ChatGPT accounts increasingly hold deeply personal and professional context, sitting at the center of connected tools and workflows [2]. For high-risk users, the stakes are particularly elevated, as conversations may include confidential work projects, medical symptoms, legal exposure, and business strategies [5].
As part of the security rollout, OpenAI partnered with Yubico to offer co-branded YubiKeys at a significant discount [1]. Users can purchase a bundle containing the YubiKey C NFC and YubiKey C Nano for $68, almost half off the usual retail price of $126 [3]. The partnership aims to drastically reduce the threat of unauthorized access to sensitive data in OpenAI accounts worldwide, according to Yubico CEO Jerrod Chong [1].
Hardware security keys are physical USB devices containing unique cryptographic identifiers that allow only the person possessing them to log into connected accounts [1]. The YubiKey C Nano is designed to stay plugged into a laptop for simple, low-friction daily authentication [4]. While Yubico's products are featured, other FIDO2-compliant hardware tokens are also supported [5].
Advanced Account Security replaces every conventional login mechanism with cryptographic authentication [5]. Users must register two separate credentials, choosing from passkeys stored on their device, hardware security keys, or a combination of both [2]. Each credential generates a unique cryptographic key pair that never leaves the device, meaning there's no password to steal, no one-time code to intercept, and no recovery email that attackers can compromise through social engineering [5].
The feature disables email and SMS authentication routes for account recovery, forcing users to rely on backup passkeys, security keys, or recovery keys instead [2]. During enrollment, OpenAI automatically generates recovery keys that users must copy or download and store in a safe place [3]. This design makes accounts resistant to phishing messages, password guessing, and SIM swap attacks [4].
However, the security comes with significant trade-offs. OpenAI's support team cannot restore access to accounts protected by Advanced Account Security if users lose both credentials and their recovery keys [2]. The company has made this design choice explicit: if all authentication methods are lost, the account becomes permanently unrecoverable [5].
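The credential model described above, as an added example that is not OpenAI's or Yubico's code: a simplified WebAuthn-style challenge-response in which the server stores only a public key and rejects replayed, wrong-origin and wrong-key responses. The origin values, function names and JSON layout of the signed data are assumptions for illustration; real WebAuthn signs authenticator data plus a hash of the client data, and the browser (not the page) supplies the origin.

```javascript
// Added example (simplified WebAuthn-style flow); loads crypto under CommonJS or ESM.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');
const RP_ORIGIN = 'https://login.example.test'; // constructed origin (assumption)

// Authenticator: the key pair is generated on the device; only publicKey leaves it.
function createAuthenticator() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  return {
    publicKey,
    sign(challenge, origin) {
      const clientData = JSON.stringify({ challenge, origin });
      const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey);
      return { clientData, signature };
    },
  };
}

// Server: stores the registered public key and the challenges it has issued.
function createServer(registeredPublicKey) {
  const pending = new Set();
  return {
    issueChallenge() {
      const challenge = nodeCrypto.randomBytes(32).toString('base64url');
      pending.add(challenge);
      return challenge;
    },
    verify({ clientData, signature }) {
      const data = Buffer.from(clientData);
      if (!nodeCrypto.verify('sha256', data, registeredPublicKey, signature)) return 'bad-signature';
      const { challenge, origin } = JSON.parse(clientData);
      if (origin !== RP_ORIGIN) return 'wrong-origin';
      return pending.delete(challenge) ? 'ok' : 'unknown-or-replayed-challenge';
    },
  };
}

function demo() {
  const key = createAuthenticator();
  const server = createServer(key.publicKey);
  const good = key.sign(server.issueChallenge(), RP_ORIGIN);
  const first = server.verify(good);   // fresh challenge, right origin, right key
  const replay = server.verify(good);  // captured response sent a second time
  const phished = server.verify(key.sign(server.issueChallenge(), 'https://login.example-phish.test'));
  const forged = server.verify(createAuthenticator().sign(server.issueChallenge(), RP_ORIGIN));
  return { first, replay, phished, forged };
}
console.log(demo());
```

A response produced on a look-alike origin carries that origin inside the signed data, so the server rejects it even though the signature itself is valid.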
The feature includes several secondary safeguards beyond passwordless authentication. Sign-in sessions are shortened to reduce the window of exposure if a device or active session is compromised [4]. Users receive alerts for every new login and can review and manage all active ChatGPT and Codex sessions from their account dashboard [2].
Advanced Account Security automatically opts users out of AI model training by default, meaning conversations won't be used to improve future versions of ChatGPT [3]. This links the highest level of account protection to the highest level of data privacy, creating a tier of users whose interactions are both cryptographically secured and contractually excluded from OpenAI's training pipeline [5].
The security upgrade addresses growing threats in the AI space. In 2024, cybersecurity firm Group-IB identified more than 100,000 stolen ChatGPT credentials circulating on dark web marketplaces, harvested from devices compromised by information-stealing malware [5]. Industry research suggests that 46 percent of all successful cyberattacks on small and medium businesses in 2026 will originate from credential reuse [5]. The architecture borrows from zero-trust principles that protect classified government systems and cryptocurrency wallets, now applied to a consumer chatbot [5].
Members of OpenAI's Trusted Access for Cyber program will be required to enable Advanced Account Security beginning June 1 or submit an alternative attestation implementing phishing-resistant authentication through enterprise single sign-on [2]. OpenAI expects to extend the feature to additional audiences, including enterprise environments, where stronger account security matters just as much [3].
Summarized by Navi