Introducing Advanced Account Security

Introducing Advanced Account Security An advanced set of protections against unauthorized access to ChatGPT accounts, Codex, and the sensitive information they can contain. Today, we’re introducing Advanced Account Security, a new opt-in setting for ChatGPT accounts, designed for people at increased risk of digital attacks, as well as for those who want the strongest account protections available. It brings together a set of heightened security measures that help safeguard against account takeover while making those protections easier to activate in one place. Once enrolled, Advanced Account Security protects users in Codex as well. People are turning to AI for deeply personal questions and increasingly high-stakes work. Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows. For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher. This effort is part of our broader cybersecurity action plan(opens in a new window) to broaden access to the technologies that can help protect communities, critical systems, and our national security. We want users to have the controls to make the security and privacy choices that are right for them. At the same time, we want to ensure users understand that the increased protection of Advanced Account Security comes with an increased responsibility for account recovery. Advanced Account Security brings together a series of controls that strengthen sign-in protections, tighten account recovery, reduce exposure from compromised sessions, and give users more visibility into account activity. It’s available to opt into in the Security section of users’ ChatGPT accounts on web. Protection applies to both ChatGPT and Codex accounts that are accessed through that login. Stronger sign-in methods. Advanced Account Security requires passkeys or physical security keys while disabling password-based login, helping make phishing-resistant sign-in the default for people who need it most. More secure account recovery. If a user’s email account or phone number is compromised, an attacker may try to use one of them to gain access to their ChatGPT account via e-mail or SMS based recovery. To reduce this risk, Advanced Account Security disables email and SMS recovery and requires stronger recovery methods: backup passkeys, security keys, and recovery keys. Because account recovery is restricted to these more secure methods, OpenAI Support will not be able to assist with account recovery for users enrolled in Advanced Account Security. Shorter sessions and clearer session management. Sign-in sessions are shortened to reduce the window of exposure if a device or active session is compromised. Users also receive alerts when there is a login to their account, and they can review and manage the active sessions across the various devices they’re signed into. Automatic training exclusion. People working with especially sensitive information may opt not to have those conversations used for model training. With Advanced Account Security enabled, that preference is automatic: conversations from those accounts will not be used to train our models. Using physical security keys, such as YubiKeys, is…