OpenAI Adds Advanced Account Security

This is the right kind of security product update: boring, restrictive, and materially harder to phish. The tradeoff is real, though, because OpenAI is moving from convenience-first account recovery to a model that assumes users can manage backup keys and accept less hand-holding.

• –Phishing-resistant sign-in is the main win here; passwords plus SMS recovery are the weak links this feature explicitly removes
• –The support burden shifts to the user, since OpenAI says enrolled accounts cannot be recovered by Support if access is lost
• –The Yubico bundle is a pragmatic adoption nudge, because hardware keys only work if users can actually get them
• –Requiring the setting for Trusted Access for Cyber by June 1 signals OpenAI is treating high-risk and high-sensitivity accounts differently from normal consumer logins
• –Automatic exclusion from model training is a notable privacy perk, and it makes the feature more appealing to journalists, researchers, and security-conscious users