OpenAI Locks Down ChatGPT with Passkeys and YubiKey Discounts
OpenAI launched Advanced Account Security for ChatGPT, requiring passkeys or security keys and removing SMS/email recovery. Partnered with Yubico for discounted keys. Enrolled accounts also get training data exclusion by default.
Quick Take
Requires passkeys or security keys, no SMS/email recovery.
Yubico discount bundle includes two security keys.
Enrolled accounts excluded from model training by default.
Feature targets journalists, activists, and high-risk users.
Market Impact Analysis
NeutralNo direct crypto market impact; tangentially mentions crypto phishing but not market-moving.
Speculation Analysis
Key Takeaways
- OpenAI’s new Advanced Account Security requires passkeys or physical security keys, completely removing SMS and email recovery.
- Enrolled ChatGPT accounts are automatically excluded from model training, enhancing data privacy.
- A Yubico partnership offers discounted hardware key bundles to users opting into the feature.
- The move targets high-risk users like journalists and activists amid a surge in phishing attacks.
What Happened
OpenAI rolled out Advanced Account Security for ChatGPT, an opt-in setting that mandates passkeys or FIDO-compliant security keys for authentication. The feature wipes SMS and email recovery, forcing users to rely on backup keys. Simultaneously, the company partnered with Yubico to offer discounted two-key bundles. Enrolled accounts get automatic exclusion from AI training, a privacy perk previously requiring manual opt-out.
The Numbers
The upgrade is entirely opt-in and currently live in web account settings. The Yubico deal includes two hardware keys—one for daily use, one for backup—at a reduced price. Sign-in sessions are shortened to limit risk. In recent months, crypto phishing alone has netted scammers millions; a fake Ledger app siphoned $9 million from over 50 victims.
Why It Happened
ChatGPT usage has shifted toward sensitive personal and professional tasks, making accounts richer targets. Phishing attacks have grown more sophisticated, as seen in the $9M Ledger scam and domain hijackings. OpenAI explicitly calls out journalists and dissidents as high-risk, addressing a gap where password-based recovery is a weak link.
Broader Impact
This sets a new bar for AI platform security. If adopted widely, it could pressure other AI services to drop SMS recovery—a vector that cost crypto users $9M in a single attack. For the industry, it reinforces hardware-based authentication as a gold standard against phishing.
What to Watch Next
- OpenAI plans to extend the security model to enterprise users, potentially integrating with corporate SSO.
- Rival AI platforms like Anthropic or Google may follow with similar hardware-key mandates.
- The crypto sector will monitor whether such measures reduce wallet-draining phishing success rates.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
