OpenAI adds passkey sign‑in for high‑risk ChatGPT/Codex accounts and restricts GPT‑5.5‑Cyber access

- OpenAI rolled out Advanced Account Security for ChatGPT and Codex, adding passkey or security-key sign-in, login alerts, and stricter recovery for higher-risk users.
- The new mode disables weaker paths like passwords, email or SMS codes, and email recovery, while adding recovery keys and shorter active sessions.
- At the same time, OpenAI kept its most cyber-permissive models behind Trusted Access as model capability and misuse risk keep rising.

ChatGPT account security has quietly become a bigger deal than a normal consumer-login story. These accounts now hold personal chats, work documents, connected tools, and in Codex’s case, direct paths into codebases and developer workflows. That makes account takeover a much nastier problem than just losing access to a chatbot. OpenAI’s answer, announced on April 30, is a new Advanced Account Security mode for ChatGPT that also carries over to Codex — and it comes right as the company is tightening access to its most cyber-capable models. (openai.com)

### What actually changed in sign-in?

OpenAI bundled a set of stronger protections into one switch. Once enabled, users sign in with passkeys or compatible physical security keys instead of weaker fallback methods. The package also adds login notifications, session management controls, shorter active sessions, and recovery keys for account recovery if a device is lost. OpenAI is framing this for peop(openai.com)ying point is simple — if your ChatGPT or Codex account matters, password-era security is no longer enough. (openai.com)

### Why do passkeys matter here?

A passkey is basically a cryptographic credential stored on your device or on a hardware key like a YubiKey. Instead of typing a password that can be stolen, you authenticate with Face ID, Touch ID, a device PIN, or a key touch. That sharply reduces classic phishing risk because there is no reusable password to hand over to a fake login page. For accounts that sit nea(openai.com)rence is huge. (help.openai.com)

### What gets turned off?

The catch is that OpenAI is not just adding stronger options — it is removing weaker ones. With Advanced Account Security on, password sign-in is disabled, email and SMS sign-in codes are disabled, and email-based account recovery is disabled too. That is the whole point. A security system is only as strong as its easiest fallback, and fallback paths are where attackers usually slip in. (help.openai.com)

### Why mention Codex specifically?

Because Codex is not just another chat surface. OpenAI’s own developer docs warn that Codex cloud can interact directly with a codebase and should be protected more aggressively than many ordinary ChatGPT features. Enterprise setup docs also tie Codex into the broader ChatGPT security stack. So when OpenAI says the new protection extends to (help.openai.com)nal MFA hygiene. (developers.openai.com)

### What is happening on the cyber-model side?

In parallel, OpenAI is still keeping its cyber-permissive models behind a gate. The company introduced Trusted Access for Cyber in February for GPT-5.3-Codex, then expanded it in April with GPT-5.4-Cyber for vetted defenders, including verified individuals, teams, enterprises, and critical infrastructure defenders. OpenAI says newer models such as GPT-5. (developers.openai.com)” which triggers extra safeguards in the API as well. (openai.com)

### Why restrict those models at all?

Because the same model that helps defenders audit systems can also help attackers move faster. OpenAI has been explicit that cyber capability is one of the clearest dual-use areas for frontier models. Its own preparedness materials show rapid gains on cyber-style evaluations over the past year, and the company says it is planning as if each new model could hit hig(openai.com)cision and more a standing rule: stronger model, tighter gate. (openai.com)

### Who is this really for?

Two groups. First, people with unusually sensitive accounts — journalists, executives, political targets, security researchers, admins, and developers with meaningful access. Second, organizations that want frontier cyber help but are willing to accept heavier vetting and security requirements. OpenAI is drawing a line between broad consumer convenience and high-trust access. That line is getting sharper. (openai.com)

### Bottom line?

OpenAI is doing two things at once. It is making important accounts harder to steal, and it is making dangerous capabilities harder to casually reach. Those moves fit together. If AI accounts are becoming real operating surfaces — for work, code, and security — then both identity and model access start looking less like product settings and more like infrastructure. (openai.com)
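
The phishing resistance described under "Why do passkeys matter here?" rests on origin binding: the browser records the site it is really on, the credential is scoped to one relying-party ID, and the server checks both. The sketch below is an added example, not OpenAI's code; `example.com`, the look-alike host and the challenge values are constructed, and signature verification is omitted because Python's standard library has no public-key signature primitive.

```python
import base64
import hashlib
import json
import struct

RP_ID = "example.com"                    # constructed relying-party ID
ORIGIN = "https://example.com"           # constructed legitimate origin
CHALLENGE = b"constructed-challenge-01"  # a real server uses fresh random bytes

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def simulate_client(page_origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for the browser and authenticator: the browser
    records the origin it is really on; the authenticator hashes the RP ID."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    # authenticatorData: rpIdHash (32) | flags (1: UP=0x01, UV=0x04) | signCount (4)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + struct.pack(">I", 1)
    return client_data, auth_data

def check_assertion(client_data: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Relying-party checks made before signature verification (omitted here).
    A real server then verifies the signature over auth_data || SHA-256(client_data),
    which is what stops a proxy from rewriting either field."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "wrong ceremony type"
    if cd.get("challenge") != b64url(challenge):
        return "challenge mismatch"      # stale or replayed assertion
    if cd.get("origin") != ORIGIN:
        return "origin mismatch"         # assertion was produced on another site
    if len(auth_data) < 37:
        return "authenticator data too short"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"       # credential scoped to a different RP ID
    if auth_data[32] & 0x05 != 0x05:
        return "user presence/verification flag missing"
    return "ok"

def demo() -> dict:
    lookalike = "example.com.login.test"  # constructed look-alike host
    legit = simulate_client(ORIGIN, RP_ID, CHALLENGE)
    relayed = simulate_client("https://" + lookalike, lookalike, CHALLENGE)
    return {"legitimate": check_assertion(*legit, CHALLENGE),
            "relayed": check_assertion(*relayed, CHALLENGE),
            "origin_rewritten": check_assertion(legit[0], relayed[1], CHALLENGE),
            "replayed": check_assertion(*legit, b"a-newer-challenge")}

if __name__ == "__main__":
    print(demo())
```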
