OpenAI Advanced Account Security protects Codex accounts with passkeys, security keys, and automatic training opt-out
OpenAI announced on April 30, 2026 that Advanced Account Security now covers the same ChatGPT login people use for Codex. That matters because a coding-agent account is no longer just a chatbot seat. It can sit above repositories, connectors, long-running agent sessions, and sensitive planning context. OpenAI's new bundle adds phishing-resistant sign-in, stricter recovery, shorter sessions, and automatic training exclusion for enrolled accounts.
AI coding accounts now hold real operational leverage
OpenAI's own framing is the useful one: these accounts increasingly sit at the center of connected workflows. For Codex users, that can mean access to code, diffs, task context, and internal reasoning about what to change next. The surface has already been widening through Codex app workflows and workspace agents. Once the account becomes a control point, authentication quality matters more than before.
The new package changes four things at once: passwords get disabled in favor of passkeys or physical security keys, e-mail and SMS recovery disappear, active sessions get shorter and easier to audit, and conversations from enrolled accounts are automatically excluded from model training. None of that makes coding agents better by itself. It does make the account boundary cleaner.
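Why passkeys count as "phishing-resistant" is worth seeing in code. The following is an added illustration, not OpenAI's implementation: a stripped-down relying-party check modelled on the WebAuthn assertion ceremony. The origin `https://chatgpt.example`, the user name and the toy authenticator are all constructed for the example, and the HMAC is a stand-in for the authenticator's real public-key signature; what the example shows is structural, namely that the browser (not the user) writes the origin and the server-issued challenge into the signed client data, so an assertion produced on a look-alike site or replayed later fails verification even though it is "correctly" signed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed relying-party origin for the example (hypothetical, not a real OpenAI host).
RP_ORIGIN = "https://chatgpt.example"


class ToyAuthenticator:
    """Stand-in for a platform passkey. Real passkeys sign with a private key the
    RP never sees; here an HMAC key plays that role so the example runs stand-alone."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def register(self):
        # A real registration returns a public key; the toy shares the HMAC key instead.
        return self._key

    def get_assertion(self, origin, challenge):
        # The browser, not the user, fills in origin and challenge before signing.
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": origin},
            sort_keys=True,
        ).encode()
        sig = hmac.new(self._key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
        return client_data, sig


class RelyingParty:
    def __init__(self, origin):
        self.origin = origin
        self.credentials = {}   # user -> registered key
        self.pending = {}       # user -> outstanding challenge (single use)

    def register(self, user, authenticator):
        self.credentials[user] = authenticator.register()

    def start_login(self, user):
        challenge = secrets.token_urlsafe(32)
        self.pending[user] = challenge
        return challenge

    def verify(self, user, client_data, sig):
        key = self.credentials.get(user)
        expected = self.pending.pop(user, None)  # consumed whether or not the check passes
        if key is None or expected is None:
            return False, "unknown user or no pending challenge"
        data = json.loads(client_data)
        if data.get("type") != "webauthn.get":
            return False, "wrong ceremony type"
        if not hmac.compare_digest(data.get("challenge", ""), expected):
            return False, "challenge mismatch (stale or replayed assertion)"
        if data.get("origin") != self.origin:
            return False, "origin mismatch: " + str(data.get("origin"))
        mac = hmac.new(key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, sig):
            return False, "bad signature"
        return True, "ok"


def demo():
    """Runs three ceremonies: a genuine login, one relayed through a look-alike
    origin, and a replay of the genuine assertion. Returns the three verdicts."""
    rp = RelyingParty(RP_ORIGIN)
    auth = ToyAuthenticator()
    rp.register("alice", auth)

    # 1. Genuine login on the real origin.
    challenge = rp.start_login("alice")
    client_data, sig = auth.get_assertion(RP_ORIGIN, challenge)
    legit = rp.verify("alice", client_data, sig)

    # 2. Same user, same authenticator, but the browser is on a look-alike site,
    #    so the signed client data names that origin and the RP rejects it.
    relayed_challenge = rp.start_login("alice")
    cd2, sig2 = auth.get_assertion("https://chatgpt-login.example", relayed_challenge)
    phished = rp.verify("alice", cd2, sig2)

    # 3. Replaying the genuine assertion after its challenge was consumed.
    rp.start_login("alice")
    replay = rp.verify("alice", client_data, sig)
    return legit, phished, replay


if __name__ == "__main__":
    for label, verdict in zip(("genuine", "look-alike origin", "replay"), demo()):
        print(f"{label}: {verdict}")
```

In a real deployment the browser adds a first line of defence the toy omits: a credential registered for one relying-party ID cannot be exercised from another domain at all. The server-side origin and challenge checks shown here are the second line, and they are what makes the assertion useless to anyone who captures it. Contrast this with a password or a one-time code, which carry no origin and verify identically wherever they are typed.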
This is really a builder-ops story
The fast social reaction around the launch leaned toward "security mode for at-risk accounts." That is true, but it undersells the developer angle. If your AI tooling can open repos, review PRs, or hold months of product context, then a weak login path becomes part of your engineering risk model. The builder takeaway is not only "turn this on if you are famous." It is "decide which operator accounts are now privileged enough to deserve phishing-resistant auth."
OpenAI also makes the tradeoff explicit: if you enroll, support will not help recover the account. That is the right kind of friction. It forces teams to stop treating recovery as a casual afterthought and to document who owns backup keys, which devices stay enrolled, and how shared workflows avoid creating a single locked-out bottleneck.
What TRH readers should do next
Audit the accounts behind your highest-value agent workflows. Separate everyday experimentation from repo-touching operator accounts. Turn on stronger auth where the account can trigger real code or access sensitive context. Then look at session sprawl too. Security and token discipline are linked: the more persistent and connected the workflow becomes, the more important it is to know who can access it, how long it stays open, and what context keeps accumulating inside it.