{"data":{"id":"f7d8e010-fd97-4ebe-8e4e-84fce55c30e3","title":"OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts","summary":"OpenAI launched Advanced Account Security, an optional protection feature for high-risk ChatGPT and Codex users like journalists and dissidents that replaces passwords with physical security keys or passkeys to prevent account takeover attacks (when someone gains unauthorized access to an account). The feature also uses recovery keys instead of email/SMS for account recovery, enforces shorter login sessions, and sends alerts on sign-ins, making it much harder for attackers to breach accounts through phishing (tricking users into revealing login credentials) or social engineering (manipulating support staff).","solution":"OpenAI's explicitly mentioned mitigations for Advanced Account Security users include: (1) requiring two physical security keys or passkeys instead of passwords, (2) eliminating email and SMS recovery routes in favor of recovery keys, backup passkeys, or physical security keys, (3) blocking OpenAI support team access to recovery options to prevent social engineering attacks on support portals, (4) enforcing shorter sign-in windows and sessions before re-authentication is required, (5) generating login alerts that users can review in their dashboard, and (6) enabling data opt-out from model training by default. OpenAI also partnered with Yubico to offer lower-cost YubiKey bundles to these users. Members of OpenAI's Trusted Access for Cyber program must enable Advanced Account Security by June 1, 2024, or submit an alternative attestation of phishing-resistant authentication through enterprise single sign-on.","labels":["security"],"sourceUrl":"https://www.wired.com/story/openai-chatgpt-codex-advanced-account-security/","publishedAt":"2026-04-30T17:30:39.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","ChatGPT","Codex","Google","Yubico","YubiKey"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-30T17:30:39.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}