Secure accounts with Advanced Account Security
TL;DR
Users can now enable stricter sign-in requirements, including passkeys and physical security keys. This mode disables weaker recovery paths like SMS codes to prevent account takeovers.
## What changed OpenAI rolled out Advanced Account Security on April 30, 2026 as an optional setting for personal ChatGPT accounts. The feature requires passkeys or physical security keys for sign-in and disables password login, email or SMS codes, and email-based recovery.
It adds recovery keys, shorter session times, login notifications, and session controls. Users must keep their recovery keys and enrolled keys safe, since losing all access methods can permanently lock them out of the account.
## Why it matters This change raises the bar for account protection at a time when many builders store prompts, files, and connected data inside ChatGPT. It directly reduces easy takeover paths that still work on most consumer accounts.
The trade-off is clear: stronger security means fewer recovery options if something goes wrong. Solo operators who rely on quick resets or shared devices will feel the friction first.
## How to use it Go to ChatGPT settings on web, find the Advanced Account Security toggle, and enable it. Set up a passkey or compatible hardware key during the process and immediately save the provided recovery keys.
The setting is available only for personal accounts, not Business, Enterprise, or Edu workspaces. Test sign-in from your usual devices before relying on it for daily work.
## Watch for Confirm the bet if OpenAI adds recovery options that still avoid SMS while remaining usable. The feature breaks if too many users lose access and complain loudly. Expect similar controls to appear in the Business plan next.
Harsh’s take
Most Vibe Builders treat ChatGPT like a notebook and a database at once. Leaving that account open to SMS hijacks is now an obvious risk. Advanced Account Security removes the easy exits but forces you to treat the account like production infrastructure.
The real cost is operational overhead. You need a hardware key or reliable passkey manager, plus a safe place for recovery codes. Skip either step and you can lose months of custom instructions and file history in one go.
Do this now: enable the setting on your main account, store the recovery keys offline, and move any shared team workflows to a separate Business workspace that still allows simpler recovery.
by Harsh Desai
About ChatGPT
View the full ChatGPT page →All ChatGPT updatesMore from ChatGPT
- App UpdateSimplify model selection in composer
Paid users on web can now switch models and adjust thinking effort levels directly within the message composer, streamlining the workflow for selecting specific AI capabilities.
- IntegrationLaunch ChatGPT for Excel and Google Sheets
ChatGPT is now available as a sidebar integration for Microsoft Excel and Google Sheets. It assists with formulas, data cleanup, and budget tracking directly within spreadsheet environments.
- Model ReleaseRelease GPT-5.5 Instant as default model
GPT-5.5 Instant is now the default model for all users, offering improved accuracy, image understanding, and conciseness. It reduces overformatting and handles context from files more effectively.