Researchers, journalists, elected officials, and others are embracing AI platforms like ChatGPT for answers to personal questions and help with high-stakes work. ChatGPT accounts can hold a significant amount of sensitive information over time, and many professionals integrate the tool into their workflows for efficiency. Unfortunately, the information in those accounts can become a target for cybercriminals looking for ways to gain unauthorized access to sensitive information.
To enhance security measures across the board, ChatGPT is introducing Advanced Account Security with physical security keys for an added layer of protection against phishing.
How ChatGPT’s Advanced Account Security Works
The Advanced Account Security program is an opt-in setting for ChatGPT users at risk of digital attacks and those who want the strongest account protections the platform offers. The program includes multiple security measures that provide layers of protection against cybercriminals seeking access to sensitive information.
Here is a closer look at Advanced Account Security and its features.
Stronger Login Methods
Opting into this program will require people to use secure passkeys or ChatGPT’s physical keys for account security. Users won’t have to rely on a password to log into their accounts. The lack of passwords makes it harder for adversaries to access accounts, even if the credentials are compromised and end up on a malicious website.
Secure Account Recovery Options
Unfortunately, emails and phone numbers can be compromised, and cybercriminals may use them to gain access to ChatGPT accounts. The Advanced Account Security program protects users by disabling SMS or email recovery options. Instead, program users will rely on secure recovery methods such as backup passkeys and security keys.
Automatic Training Exclusion
People who work with sensitive information can choose not to have their conversations used for model training. The program makes this preference automatic for extra protection.
Phishing-Resistant Login Protection With Yubico
Part of the Advanced Account Security program is OpenAI’s partnership with Yubico. They’re launching custom YubiKeys to help protect ChatGPT users from phishing and account break-ins.
AI users on PC can plug in the YubiKey C Nano to their desktop or laptop to verify their presence. For smartphone users, the YubiKey C NFC allows for easy access to their accounts by tapping the key against the device to verify the login.
Why Use a Hardware-Backed Passkey for ChatGPT?
A hardware-backed passkey is one of the best authentication methods to combat phishing attacks. The FIDO-compliant security key provides an additional layer of protection if a password is exposed.
OpenAI uses YubiKeys internally to protect its workers. Having the physical key allows users to quickly and securely access their accounts.
Recovery for Physical Keys
Physical keys prioritize security above everything else. Although the Advanced Account Security program provides secure account recovery options for compromised phone numbers and emails, physical key recovery is more limited.
Businesses, professionals, and casual AI users should understand that using ChatGPT’s physical keys for account security can help reduce cybersecurity risks. As phishing attacks and credential theft continue to evolve, enterprises that adopt stronger authentication methods, including multi-factor authentication and hardware security keys, will be better able to safeguard sensitive information.
