Your ChatGPT account is not safe from hackers. At a time when cybersecurity remains the core concern for the digital industry, OpenAI is now making efforts to give users the chance to secure their accounts. The idea of a password-less login has been designed to drastically reduce phishing risks and account takeovers, which are getting increasingly dangerous as more advanced tools keep emerging.
As part of its latest update to ChatGPT, OpenAI has launched Advanced Account Security as a significant security upgrade for its users. It essentially offers a new opt-in feature that enables fully password-less login for ChatGPT and Codex accounts.
The new system replaces traditional email-and-password authentication with passkeys (software-based biometric authentication) or physical hardware security keys. Once enabled, users can sign in using fingerprint, face ID, or a plugged-in security key on their personal devices, making unauthorised access far more difficult even if login credentials are phished.
Password-less login for ChatGPT, Codex
OpenAI states that the Advanced Account Security feature is primarily for high-risk users, including journalists, researchers, political figures, activists, and organisations handling confidential information. “People are turning to AI for deeply personal questions and increasingly high-stakes work,” the company noted.
“A ChatGPT account can hold sensitive context and sit at the center of connected tools and workflows,” they added.
There are some key changes to be observed once the feature is enabled:
– Complete disabling of password-based login.
– Requirement of at least two authentication methods (e.g., two passkeys, two hardware keys, or a combination).
– Removal of email and SMS recovery options.
– Recovery limited to backup passkeys, security keys, and one-time recovery codes.
OpenAI has explicitly warned that it will not be able to assist users who lose access to their methods and codes, thus placing full responsibility on the individual to safeguard backups. The company has partnered with Yubico to offer discounted hardware security key bundles for users who prefer physical keys.
How to enable password-less login on your ChatGPT/Codex account
Users can activate the feature easily on the web version of ChatGPT.
– Go to Settings and click on the ‘Security’ options. Then click on ‘Advanced Account Security’ and follow the guided enrollment process. The setup page clearly outlines both the enhanced protection and the risks of permanent lockout before proceeding.
For certain high-profile users in OpenAI’s Trusted Access for Cyber program, the feature will become mandatory from June 1, 2026.
Why you should enable OpenAI’s Advanced Account Security right now
In an era where AI accounts like ChatGPT and Gemini have become treasure troves of highly personal, professional, and sometimes sensitive information, it is smart to protect the data inside by all means and costs.
Enabling OpenAI’s new Advanced Account Security is one of the smartest moves you can make. Traditional passwords remain dangerously vulnerable to phishing attacks, credential stuffing, and data breaches, and hackers are increasingly targeting AI platforms because a compromised ChatGPT account can reveal private conversations, business strategies, code, or personal data.
By switching to passkeys and hardware security keys, you eliminate the weakest link — the password. Replacing it with phishing-resistant biometric or cryptographic authentication will always be both more secure and more convenient. With cyber threats against AI users rising sharply in 2026, enabling this feature now gives you military-grade protection before your account becomes a target.