OpenAI gives users option to ditch passwords
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Aïda Amer/Axios
OpenAI introduced a new set of security controls on Thursday that allow users to set up passkeys and eliminate traditional email-and-password logins.
Why it matters: A recent wave of cyberattacks has exploited basic security weaknesses, like stolen passwords, to take over user accounts.
- OpenAI says the feature is aimed at higher-risk users, including journalists and government officials.
Driving the news: OpenAI is rolling out "Advanced Account Security," a new opt-in setting that requires users to set up two authentication methods — passkeys or hardware security keys — to log into ChatGPT or Codex.
- The new mode is available to all users, including those using the free tier. Users can choose two hardware keys, two passkeys, or one of each.
- Users who choose the higher security mode are also opted out of model training and receive alerts for new logins, along with tools to view and end active sessions.
What they're saying: "Users continue to use ChatGPT for some of their most sensitive and personal matters, and it only makes sense that we as a company try to make available capabilities that meets our users with how they use our product," Ogbeide Oigiagbe, a member of OpenAI's product team, told reporters Wednesday.
Yes, but: Once enabled, users can no longer log in with an email and password, and recovering an account via email or text message is disabled.
- OpenAI's support team also won't be able to help users recover their accounts if they're locked out.
- Oigiagbe said that the company's customer service department is preparing materials to help customers understand the new recovery methods.
The big picture: Hackers are increasingly targeting AI accounts, and passwords remain one of the easiest ways to break in.
- OpenAI customer data — including names, emails and device metadata — was exposed last year in a breach tied to analytics vendor Mixpanel.
- Researchers also found a trove of allegedly stolen credentials for 20 million ChatGPT accounts circulating online.
- In another case, hackers used a compromised third-party AI account to access internal systems at Vercel.
Zoom in: OpenAI is partnering with Yubico to offer users discounted hardware security keys. Users can now buy a bundle of two YubiKeys for $68, down from a $126 retail price.
What to watch: OpenAI plans to require members of its Trusted Access for Cyber program — a set of identity-verified users with access to sensitive cyber-permissive models — to enable the feature starting June 1.
