OpenAI has announced an Advanced Account Security programme — an opt-in enhanced protection model for users at elevated risk of targeted account compromise. The programme makes phishing-resistant FIDO2 hardware security key authentication (YubiKey and compatible devices) and passkey authentication mandatory for enrolled accounts, in place of or in addition to standard authenticator-app-based MFA.
The announcement acknowledges a threat reality that the security industry has been documenting throughout 2026: standard TOTP and push-based MFA can be bypassed by adversary-in-the-middle phishing campaigns, and high-value accounts — those belonging to journalists, activists, researchers, and business executives — are increasingly targeted by nation-state and sophisticated criminal actors using AiTM techniques.
Programme Details
Target enrolment population: OpenAI designed the programme for:
- Journalists, human rights advocates, and activists who may use ChatGPT or the API for sensitive research and documentation
- Executives and board members whose accounts may access sensitive organisational data via the ChatGPT Teams or Enterprise tiers
- Security researchers and AI safety researchers working with sensitive model data
- API developers with access to high-credit or high-capability OpenAI accounts
Phishing-resistant authentication requirements: Enrolled accounts must configure a FIDO2 hardware security key or platform passkey as the primary authentication factor. The programme is developed in partnership with Yubico, which will provide discounted YubiKey 5 series keys to enrolled participants.
Unlike TOTP codes, a FIDO2 assertion is bound to the legitimate domain through a public-key challenge-response protocol: the authenticator signs the server's challenge together with the origin the browser is actually connected to, so a phishing site impersonating OpenAI can obtain at most a signature for its own origin, which the legitimate site rejects. The authentication proof is therefore non-transferable to an AiTM relay.
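As an added illustration of why the proof is non-transferable (constructed example, not OpenAI's or Yubico's code), the relying-party verification below, with placeholder origins and an HMAC standing in for the authenticator's public-key signature, accepts a direct assertion and rejects the same challenge when it was answered on a phishing origin:

```python
import base64, hashlib, hmac, json, os

# Constructed example; not OpenAI's, Yubico's or any library's code. RP_ID and
# both origins are placeholders. An HMAC under a shared key stands in for the
# authenticator's public-key signature so this runs on the standard library.
RP_ID = "rp.example"
LEGIT_ORIGIN = "https://rp.example"
PHISH_ORIGIN = "https://rp-example.login-check.test"   # constructed AiTM site
CREDENTIAL_KEY = os.urandom(32)                         # stands in for the key pair

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def authenticator_get_assertion(challenge: bytes, browser_origin: str) -> dict:
    """Browser + authenticator side. The browser, not page script, fills in
    `origin` and derives the RP ID, so a phishing page cannot forge either."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": browser_origin}).encode()
    rp_id_seen = browser_origin.split("://", 1)[1].split("/", 1)[0]
    # authenticatorData (simplified): rpIdHash || flags (UP set) || signCount
    auth_data = hashlib.sha256(rp_id_seen.encode()).digest() + b"\x01" + b"\x00" * 4
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}

def verify_assertion(assertion: dict, issued_challenge: bytes) -> tuple[bool, str]:
    """Relying-party checks, in the order WebAuthn's authentication ceremony lists them."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(issued_challenge):
        return False, "challenge mismatch (stale or replayed)"
    if cd.get("origin") != LEGIT_ORIGIN:
        return False, f"origin {cd.get('origin')!r} is not {LEGIT_ORIGIN!r}"
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash is not this relying party"
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "signature does not verify"
    return True, "ok"

def aitm_relay_demo() -> tuple[bool, bool]:
    """Direct login vs. the real RP's challenge relayed through a phishing origin."""
    challenge = os.urandom(32)                           # issued by the real RP
    direct = authenticator_get_assertion(challenge, LEGIT_ORIGIN)
    relayed = authenticator_get_assertion(challenge, PHISH_ORIGIN)
    return verify_assertion(direct, challenge)[0], verify_assertion(relayed, challenge)[0]
```

The relayed assertion fails on the origin check before the signature is even examined, which is the property a TOTP code lacks.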
Stricter account recovery: Standard account recovery via email magic links is disabled for enrolled accounts. Recovery requires a pre-registered backup hardware key or an identity verification process through OpenAI’s support team with additional human review steps.
Session management controls: The programme includes enhanced session monitoring with automatic revocation of sessions originating from unexpected geographic locations, devices, or IP ranges — and reduced session token lifetime to minimise the window of exploitability for stolen tokens.
Context: Why OpenAI Is Acting Now
The timing of this announcement reflects the broader documented increase in AiTM phishing targeting enterprise SaaS accounts. Microsoft’s disclosure earlier this week of an AiTM campaign that compromised 35,000 accounts in 48 hours — using healthcare and financial services as primary targets — demonstrates the scale at which these attacks now operate.
OpenAI accounts have become significant targets for several reasons:
- API credit theft: Accounts with pre-purchased or high-limit API credits are valuable to actors who want to run computationally expensive AI workloads
- Data exfiltration: ChatGPT Teams and Enterprise accounts may contain conversation history including sensitive business data, code, and documents
- Prompt injection for further attacks: Compromised accounts can be used to probe prompt injection vulnerabilities in deployed AI systems
The Advanced Account Security programme is analogous to Google’s Advanced Protection Programme (APP) and Microsoft’s Secure by Default initiative for high-risk accounts — a recognition that the standard security model applied to general users is insufficient for those at elevated risk.
Implications for Enterprise OpenAI Deployments
For organisations using OpenAI’s API or ChatGPT Enterprise, the programme’s launch is a signal that phishing-resistant MFA should be the standard — not the exception — for any account with significant API access or sensitive data exposure. Enterprise security teams should:
- Review the authentication configuration for all OpenAI API accounts, particularly those with high credit limits or production system access
- Evaluate enrolment in Advanced Account Security for all administrator accounts and accounts with API key management access
- Implement hardware key requirements as part of enterprise ChatGPT seat provisioning for users in high-risk roles
The programme’s passkey support is particularly significant for enterprise deployment: passkeys stored in a managed enterprise device’s platform authenticator (Windows Hello for Business, macOS Secure Enclave) provide phishing-resistant authentication without the logistics of distributing hardware keys to all users.