OpenAI rolls out passkeys for ChatGPT, partners with Yubico

OpenAI has introduced new passwordless security settings for ChatGPT accounts, allowing users to opt for passkeys or physical security keys. At the same time, the generative AI firm has announced a partnership with hardware authentication device maker Yubico, offering a two-pack set of custom YubiKeys to users at a special price.

The new opt-in setting, named Advanced Account Security, removes password-based sign-in from ChatGPT and Codex accounts. Instead, users can opt for any FIDO-compliant security key or software-based passkeys.

The feature is built on FIDO2 and WebAuthn specifications, the same standards adopted by Google, Microsoft, GitHub, and other vendors for phishing-resistant authentication.

The partnership with Yubico comes after OpenAI deployed its products internally to protect their employees and infrastructure from sophisticated phishing. The U.S.-based firm has been dealing with threats such as cybercriminals sending malware to OpenAI employees and attackers exploiting OpenAI’s organization creation and team invitation features to send spam emails from legitimate OpenAI addresses.

“We’ve made YubiKeys a standard part of how we protect OpenAI employees, and with Advanced Account Security, we’re making it easier for ChatGPT users to choose that same kind of phishing-resistant protection when it’s right for them,” says Dane Stuckey, chief information security officer at OpenAI.

Yubico will offer users a bundle consisting of the YubiKey C Nano, designed to remain seated in a laptop port for daily authentication, and the YubiKey C NFC, intended for backup and cross-device use across laptops and mobile devices.

“Ultimately, our intent is to drastically reduce the threat of unauthorized access to sensitive data in OpenAI accounts worldwide,” says Yubico CEO Jerrod Chong.

Yubico is also looking towards securing AI workflows as more companies rush to adopt AI, leading to security gaps. The Sweden-based firm has partnered with Delinea to provide hardware-attested proof of human authorization for high-consequence agentic actions, including audit trails that bind every automated action to a verified human.

Article Topics

biometric security key  |  biometrics  |  ChatGPT  |  FIDO2  |  OpenAI  |  passkeys  |  passwordless authentication  |  Yubico