OpenAI Now Gives High-Risk Users Physical Security Keys to Protect Their Accounts

OpenAI has launched a new security program for ChatGPT users. The company is giving away pairs of small physical devices called security keys to users who face the highest risk of being hacked. These keys are custom-made through a partnership with Yubico, a company that specializes in security hardware.

What You Get

The program sends eligible users two small devices. One is designed for phones and uses wireless tap-to-connect technology. The other is designed for laptops and stays plugged in. Together, they let you use ChatGPT securely from your phone or computer.

Why OpenAI Chose Hardware Keys

OpenAI already uses these same security keys to protect its own employees' accounts. That internal success convinced the company to offer them to users.

The security key works differently from the codes that appear in your authenticator app or text messages. Think of it like a physical ID card that proves you are who you say you are. When you log in, you hold the key near your phone or plug it into your laptop, and the system recognizes it as proof of your identity. Unlike a code that someone can intercept or guess, the key has to be physically present. A hacker on the other side of the world cannot fake it.

Why This Matters Now

ChatGPT is no longer just a tool people play with on the side. Many professionals now use it for real work — writing documents, handling data, planning business decisions. If a hacker gains access to someone's ChatGPT account, they could see sensitive work files, impersonate that person, or access information connected to their company.

Earlier forms of two-factor authentication, like security codes sent via text message, have known vulnerabilities. Hackers can trick your phone company into redirecting your messages, or they can trick you into typing a security code into a fake website while they watch and use it immediately. Hardware keys prevent both tricks because they require you to physically touch a device, and they use cryptographic technology that automatically detects fakes.

How the Keys Work

The devices use a security standard called FIDO2 that is widely adopted across the internet. Each time you log in, the key creates a unique mathematical signature for that moment and that device. Even if someone records your login attempt, they cannot replay it later because the signature changes every time.

The keys are built to resist tampering. If someone tries to open one up and steal the cryptographic material inside, the device destroys itself.

The Bigger Picture

We have seen this pattern before, when major companies like Google, Microsoft, and Amazon began giving hardware keys to their executives and administrators after high-profile security breaches in the 2010s. It took a while, but these tools eventually became standard for protecting important email accounts and company systems.

OpenAI is now extending this level of protection to everyday users. This suggests that AI platforms are becoming important enough that they need the same security measures we use for banks and government systems.

The partnership with Yubico is also notable because OpenAI did not try to build these devices themselves. Instead, they worked with an expert company and added their own branding. This lets them move fast and bring the technology to users quickly without having to hire a hardware engineering team from scratch.

What Comes Next

OpenAI has not said which users will qualify for the program or whether it will eventually become available to everyone. The company has also hinted that additional security features may be coming, though specifics have not been disclosed.

If this program works well, other AI companies will likely follow suit. Over time, hardware security keys could become as common in AI services as they already are in banking and email.