OpenAI is rolling out new optional security features for ChatGPT accounts, including a partnership with Yubico to support hardware security keys for account protection.
OpenAI announced expanded security options for ChatGPT users on Tuesday, introducing opt-in protections designed to strengthen account defenses against unauthorized access.
The centerpiece of the initiative is a new partnership with Yubico, a leading provider of hardware security keys. This collaboration enables ChatGPT users to authenticate their accounts using physical security keys—devices that provide multi-factor authentication without relying on traditional passwords or phone-based verification codes.
Hardware security keys offer several advantages over conventional authentication methods. They are resistant to phishing attacks, as the keys only respond to authentication requests from verified websites and services. Users cannot be tricked into entering credentials on fraudulent sites, a common attack vector that affects millions of accounts annually.
The new security measures are optional, allowing users to maintain their current authentication setup or adopt the enhanced protections. OpenAI has not specified a rollout timeline or detailed availability, but the announcement suggests the features will become available to the broader user base.
This move aligns with industry trends toward hardware-based authentication. Major tech companies including Google, Microsoft, and Apple have expanded support for security keys in recent years, recognizing their effectiveness at preventing account takeovers.
For ChatGPT users, the addition reflects growing concerns about account security as the platform handles sensitive conversations and personal data. OpenAI has previously offered two-factor authentication options, but hardware security keys represent a more robust protection layer.
Yubico's security keys are compatible with various platforms and protocols, though OpenAI did not detail which specific products or standards will be supported in the ChatGPT integration.
The announcement comes as AI services continue attracting users and, correspondingly, the attention of threat actors seeking to compromise high-value accounts. Enhanced security features may encourage adoption among security-conscious users and enterprises.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.