OpenAI has introduced 'Advanced Account Security' for ChatGPT users, replacing traditional password and SMS or email recovery with phishing-resistant authentication options, including hardware keys. This new security feature targets users with heightened digital risk, a key move for India’s 100 million weekly ChatGPT users.
- Removes passwords and SMS/email recovery from ChatGPT accounts
- Supports hardware security keys via partnership with Yubico
- Targets high-risk users amid rising phishing and spyware concerns
What happened
On April 30, 2026, OpenAI rolled out an opt-in Advanced Account Security feature for ChatGPT users, aimed at significantly strengthening account protection by discontinuing the use of traditional passwords and recovery methods like SMS and email. Instead, the system incorporates phishing-resistant authentication techniques compatible across ChatGPT and Codex accounts through a single login.
A key element of this initiative is a partnership with security key provider Yubico, enabling OpenAI to offer hardware security keys, including a customized YubiKey bundle at special pricing for eligible users. Additionally, the platform supports other Fast Identity Online (FIDO) compliant security measures such as passkeys, expanding user options for secure access.
Why it matters
India represents one of OpenAI’s largest ChatGPT user bases globally, with approximately 100 million weekly active users comprising sensitive segments like journalists, researchers, and government officials. These users face substantial risks from targeted cyber threats, including phishing campaigns and spyware like Pegasus that have been documented within the country.
The introduction of Advanced Account Security comes amid India’s regulatory push to enhance digital authentication controls. The Reserve Bank of India’s new guidelines, effective April 2026, require moving away from SMS-based one-time passwords for digital payments, reflecting a broader shift toward stronger, more phishing-proof identity verification methods that OpenAI’s solution aligns with.
What to watch next
Watch for how quickly Indian users, especially those in high-risk groups, adopt OpenAI’s Advanced Account Security and whether this leads to a measurable reduction in account compromises due to phishing or spyware activities. The availability and uptake of Yubico’s customized hardware security keys will also be key indicators of success.
Additionally, it will be important to observe if regulatory bodies in India and elsewhere encourage or mandate similar passwordless and hardware-based authentication standards for other digital services, potentially setting a precedent for increased cybersecurity in the region and beyond.