Enable Advanced Account Security for Personal Accounts
TL;DR
ChatGPT has introduced Advanced Account Security, an optional setting that enforces stronger sign-in methods like passkeys, disables weaker recovery paths, and adds session management controls.
## What changed On April 30, 2026 OpenAI started rolling out Advanced Account Security as an optional toggle for personal ChatGPT accounts. The setting requires passkeys or compatible security keys for sign-in and disables password login, email or SMS recovery codes, and email-based account recovery. It also adds recovery keys, shorter session times, login notifications, and session management tools.
The feature targets account takeover risks and data exposure on consumer plans. It is not available for Business, Enterprise, or Edu workspaces at launch.
## Why it matters Solo builders who keep project files, automation logs, or client context in ChatGPT now have a direct lever to reduce unauthorized access. The change treats personal accounts as production assets rather than throwaway chat spaces. It pressures users to weigh daily friction against the cost of a compromised thread history or connected data.
OpenAI is betting that serious users will accept stricter recovery in exchange for fewer silent breaches. Casual users may simply ignore the toggle and stay exposed.
## How to use it Open ChatGPT on the web and go to Settings. Find the Advanced Account Security section and turn the toggle on. Immediately save the recovery keys shown on screen and register a passkey or security key before logging out. Test the new sign-in flow from another device to confirm access.
The option appears only for personal accounts in supported regions. Storage management and file library features remain unchanged after enabling the setting.
## Watch for Widespread adoption among users who store files or run long-running Codex sessions will confirm the security bet. Mass lockouts from lost passkeys or recovery keys will break it. The next logical step is extension of the same controls to team workspaces.
Harsh’s take
For a solo operator running client work through ChatGPT in 2026 this toggle forces a real choice between speed and survival. The main trade-off is giving up instant email recovery for protection against someone walking off with your saved memories, uploaded docs, and automation history.
Most builders will leave it off until the first breach hits someone they know. That delay keeps the attack surface wide open for the exact accounts that hold the most reusable context.
Enable the setting today, register a passkey on your main device, and store the recovery keys in a separate vault before you add any more client files.
by Harsh Desai
About ChatGPT
View the full ChatGPT page →All ChatGPT updatesGo deeper
More AI news
- LaunchTencent: Hy3 (free) now available on OpenRouter (262k context, $0.00/M in, $0.00/M out)
Tencent's Hy3, a 295B-parameter MoE model with 21B active parameters, launches free on OpenRouter with 262k context.
- FeatureOpenClaw bundles ClawRouter plugin for dynamic model discovery and budgets
OpenClaw bundles the ClawRouter provider plugin. It adds credential-scoped dynamic model discovery, OpenAI-compatible and native Anthropic/Gemini transports, and managed budget reporting.
- ResearchDeepSeek's DeepSeek V4 Flash leads OpenRouter with 5.35T tokens (6 Jul 2026)
DeepSeek V4 Flash leads OpenRouter rankings for the week of 2026-07-06, followed by Hy3 preview and DeepSeek V4 Pro.