

As AI services evolve at a rapid pace, OpenAI is introducing a security measure designed specifically for individuals at higher risk of cyber threats. The initiative mirrors established industry practices such as Google's Advanced Protection, ensuring users are safeguarded with the latest protections. OpenAI announced it as part of the comprehensive cybersecurity roadmap it unveiled earlier this month.

Acknowledging the increasing reliance on AI for sensitive personal and professional work, OpenAI is positioning this security upgrade as essential for users such as journalists, public officials, and security-focused individuals. These users rely on ChatGPT for critical work where data confidentiality is paramount.

Advanced Account Security eliminates conventional passwords and instead requires two tangible security measures: security keys or passkeys. This significantly reduces the chance that a phishing attempt succeeds. OpenAI plans to phase out recovery through email and SMS, mandating recovery keys and backup security tools instead, which reinforces account integrity. In partnership with Yubico, the company will provide cost-effective access to YubiKey bundles for users interested in heightened security.

Importantly, once a user activates this enhanced security mode, OpenAI's support team will not assist in account recovery, because it will no longer have access to the recovery mechanisms in place. This discourages attackers from using social engineering against support channels to retrieve credentials.

The feature also imposes shorter login sessions, which means more frequent authentication checks, and sends alerts for any account access, allowing users to oversee active sessions for services like ChatGPT and Codex.

Additionally, while any user can choose to opt out of data sharing for model training, opting out is the default setting for those using Advanced Account Security. Members of OpenAI's Trusted Access for Cyber program will be required to enable the feature by June 1. The mandate signals a strong commitment to robust account security standards among third-party cybersecurity stakeholders and emphasizes resistance to phishing through enterprise-level authentication approaches.