OpenAI Launches Hardware Security Keys for ChatGPT with Yubico Partnership
OpenAI has released an advanced account security feature for ChatGPT and Codex accounts, providing an optional but robust security solution. This feature replaces traditional passwords and recovery methods with hardware security keys or passkeys, enhancing user privacy and protection.
Key Features:
- Two-Factor Authentication: Users must authenticate using two passkeys, hardware security keys, or a combination of both before accessing their accounts.
- No Password Login: Password-based login is permanently disabled, eliminating the risk of password theft or compromise.
- Enhanced Recovery Protection: Recovering an account through email or text message is no longer possible, adding an extra layer of security.
- Zero-Trust Architecture: Inspired by government and cryptocurrency systems, this feature ensures that credentials never leave the user's device, making it nearly impossible for attackers to gain unauthorized access.
Partnership with Yubico:
OpenAI has collaborated with Yubico, a leading hardware authentication company, to offer co-branded YubiKeys at a discounted price of $68 (a two-pack), compared to the retail price of $126. This partnership aims to make advanced security accessible to a wider range of users.
Target Audience:
The feature is designed with high-risk users in mind, including journalists, political dissidents, researchers, and elected officials, who may handle sensitive information within their ChatGPT accounts. However, OpenAI has made this security enhancement available to all users, regardless of their account type.
Benefits:
- Privacy Enhanced: With no email or text recovery options, user privacy is significantly improved as there is no way for attackers to regain access through social engineering or phishing attempts.
- Reduced Session Windows: Sign-in sessions are shortened, minimizing the potential damage from stolen session tokens.
- User Control: Users receive alerts for new logins and can monitor active sessions, providing them with unprecedented control over their accounts.
- Ethical AI Training: By opting out of model training upon enabling this feature, users ensure that their conversations do not contribute to improving future versions of ChatGPT.