OpenAI introduces physical security keys to strengthen ChatGPT account protection

OpenAI has unveiled a new security initiative to strengthen user protection on its widely used chatbot platform, ChatGPT. The company has partnered with Yubico to introduce physical authentication devices designed to prevent unauthorised access, even when passwords are compromised.

The move forms part of OpenAI’s Advanced Account Security programme, which aims to provide stronger safeguards for individuals and organisations using its services. By implementing hardware-based authentication, the company aims to address rising concerns about phishing attacks and account breaches affecting digital platforms worldwide.

Hardware-based authentication aims to reduce account breaches

At the centre of the initiative is a custom bundle of YubiKey devices that users can purchase to secure their accounts. The bundle includes two keys that work together to verify a user’s identity during login attempts. This dual-key system ensures that access cannot be granted without both physical devices being present, adding a significant barrier to potential attackers.

For desktop and laptop users, one key is the YubiKey C Nano, which is designed to remain plugged into the device at all times. It acts as a constant verification tool, confirming that the authorised user is physically present. Meanwhile, mobile users can rely on the YubiKey C NFC, which enables authentication by tapping the key against a compatible smartphone.

OpenAI explained that the system supports any FIDO-compliant security key, allowing flexibility for users who may already own similar devices. The company highlighted the advantages of hardware-backed passkeys, which are widely regarded as highly resistant to phishing attempts and credential theft. By using such keys, users may also benefit from passwordless login options, simplifying the sign-in process while maintaining a high level of security.

“A physical security key adds an extra layer of defence and helps protect your account even if your password is exposed,” OpenAI said in a statement outlining the new feature.

Industry collaboration highlights growing focus on digital safety

The partnership between OpenAI and Yubico reflects a broader industry trend towards adopting more robust authentication methods. As cyber threats continue to evolve, companies are increasingly turning to hardware solutions to complement traditional security measures such as passwords and two-factor authentication.

Yubico chief executive Jerrod Chong emphasised the importance of reducing risks associated with unauthorised access. “Ultimately, we intend to drastically reduce the threat of unauthorised access to sensitive data in OpenAI accounts worldwide,” he said.

OpenAI’s chief information security officer, Dane Stuckey, noted that the company has already implemented similar protections internally. “We’ve made YubiKeys a standard part of how we protect OpenAI employees, and with Advanced Account Security, we’re making it easier for ChatGPT users to choose that same kind of phishing-resistant protection when it’s right for them,” he explained.

This internal adoption signals confidence in the technology and suggests that OpenAI views physical keys as a reliable defence against increasingly sophisticated cyber attacks. The rollout to consumers marks an effort to extend enterprise-grade security practices to a broader audience.

Trade-offs and availability for users

While the introduction of physical security keys offers enhanced protection, OpenAI acknowledged that the approach comes with certain limitations. Chief among these is the reduced availability of account recovery options. Because access depends on possession of the physical keys, losing them could make it more difficult for users to regain entry to their accounts.

This trade-off reflects a common challenge in cybersecurity: stronger protections often come at the cost of convenience. OpenAI has indicated that users should carefully consider their needs before adopting hardware-based authentication, particularly if they are concerned about potential lockouts.

Yubico has launched the two-key bundle with exclusive pricing for existing OpenAI account holders, although specific details of the offer have not yet been disclosed. The company is expected to provide further information as the programme becomes more widely available.

The introduction of physical keys represents a notable step in OpenAI’s ongoing efforts to enhance user security. As digital threats continue to grow in scale and complexity, the adoption of hardware-backed authentication may become increasingly common across the technology sector.