Yubico partners with OpenAI to offer custom security keys for users
OpenAI and Yubico have launched a strategic partnership offering custom security key sets to enhance account protection for ChatGPT users.
Yubico partners with OpenAI to offer custom security keys for users
OpenAI and Yubico have entered into a strategic, long-term partnership to provide ChatGPT users with hardware-backed, phishing-resistant security keys. This collaboration introduces a custom 2-pack set of YubiKeys as part of the Advanced Account Security program, specifically targeting users who face an increased risk of targeted digital attacks.
The custom set consists of two different hardware forms: a YubiKey C NFC, which allows for tap-to-authenticate functionality on mobile devices, and a low-profile YubiKey C Nano designed to remain in a laptop port for daily use. Both devices utilize hardware-backed passkeys to reduce the risk of account takeovers.
The move extends a security model already used internally by OpenAI. According to Dane Stuckey, chief information security officer at OpenAI, YubiKeys are a standard part of how the company protects its own employees. Stuckey said security keys are among the best ways to protect accounts from phishing and that the Advanced Account Security program makes this protection accessible to ChatGPT users.
Jerrod Chong, chief executive officer of Yubico, described the partnership as a new model for phishing-resistant security at scale for the AI ecosystem. Chong stated the intent is to drastically reduce unauthorized access to sensitive data in OpenAI accounts worldwide by offering a low friction user experience.
Custom keys are available with exclusive pricing for existing OpenAI account holders.
Expanding Android Integration
Parallel to this partnership, Yubico has released the YubiKey Passkey Enabler app for Android. The app serves as an Android credential provider, designed to broaden FIDO2 capabilities and extend support to more devices. This release addresses gaps in Google Play Services, as Android's native support for passkeys over NFC is not yet available to all users.
The YubiKey Passkey Enabler app allows users to unlock passkey authentication on smartphones using both USB and NFC. Key technical features include:
- Connectivity: The app requires no internet connectivity to function.
- Hardware Support: It is compatible with any USB and NFC-enabled YubiKeys.
- Security: Multi-factor authentication secrets are stored on the YubiKey rather than the mobile device.
- User Interface: The app indicates where to tap the physical key based on the phone's NFC reader position.
Recent updates to the enabler app have focused on improving sign-in reliability and ensuring the security key PIN is requested only when required by a specific site. While the enabler app handles authentication, Yubico offers a separate tool, the Yubico Authenticator app, for managing credentials—including one-time passwords—and adjusting security settings on the keys.
Company Background and Standards
Yubico, which is headquartered in Stockholm, Sweden, as well as Singapore and Santa Clara, California, has been involved in shaping global authentication standards since 2007. The company co-created WebAuthn, FIDO U2F, and FIDO2, and introduced the original passkey. Its technology currently serves organizations and individuals across more than 160 countries.
The company, listed on Nasdaq Stockholm under the ticker YUBICO, also operates a philanthropic initiative called Secure it Forward, which donates security keys to nonprofits that support at-risk communities.
Users seeking to enroll in the Advanced Account Security program can find more information via the official OpenAI and Yubico channels.