Bỏ qua đến nội dung chính
Back to home
AI tools-ai Tech 2 min read

🔑 OpenAI mandates hardware-backed passkeys for Trusted Access Cyber members

OpenAI has mandated the use of hardware-backed security passkeys for Trusted Access Cyber members to secure their ChatGPT accounts against phishing.

Tier 2 · sources 99% confidence Reviewed
Sources yubico.com

According to Yubico, OpenAI has mandated the use of hardware-backed passkeys for members of the Trusted Access Cyber program when logging into their ChatGPT accounts. This move aims to maximize the security of sensitive and highly privileged accounts against increasingly sophisticated cyberattacks.

Detailed Developments

OpenAI's Trusted Access Cyber program includes high-profile partners and security experts who regularly access experimental tools and data. Mandating hardware-backed passkeys replaces traditional two-factor authentication (2FA) methods like SMS or OTP generator apps, which are vulnerable to phishing attacks. Yubico, a leading provider of hardware security keys, has collaborated with OpenAI on this authentication infrastructure transition to ensure a seamless yet highly secure login experience.

Technical & Technology Analysis

Hardware-backed passkeys leverage FIDO2 and WebAuthn standards to generate asymmetric cryptographic key pairs. The private key is securely stored in a dedicated secure element chip within the hardware device (such as a YubiKey) and never leaves the device. When logging into ChatGPT, the browser sends a challenge, and the hardware device digitally signs it to authenticate without ever transmitting a password over the internet, completely eliminating the risk of remote credential theft.

Expert Opinions & Insights

Security experts at Yubico noted that OpenAI's transition to hardware-backed passwordless authentication is a necessary strategic step. As AI models hold more core enterprise data, securing the credentials of high-privilege users is a top priority. However, some analysts also point out that mandating physical hardware could cause minor initial friction for users if they lose or forget their security keys.

Impact & Future

OpenAI's decision is expected to set a new industry precedent for securing AI accounts. For Vietnamese developers and users, the shift toward hardware security keys is becoming increasingly clear as major platforms tighten cyber security policies. Proactively adopting robust authentication solutions will be key to protecting digital assets against targeted attacks on administrator and expert accounts.