OpenAI Codex Update Enhances Agent Workflows with Persisted Goal Workflows and Improved Plugin Support

OpenAI introduced Advanced Account Security, a new opt-in setting for ChatGPT accounts that also protects Codex users. Designed for high-risk individuals like journalists, officials, dissidents, and researchers, it bundles several heightened protections: passkeys or physical security keys replace password-based login, email and SMS recovery are disabled in favor of backup passkeys/security keys/recovery keys, sign-in sessions are shortened, login alerts are enabled, and conversations are automatically excluded from model training. OpenAI partnered with Yubico to offer a customized bundle—YubiKey C Nano for laptops and YubiKey C NFC for mobile—at preferred pricing to make phishing-resistant hardware authentication more accessible.

The move comes as part of OpenAI's broader cybersecurity action plan to broaden access to protective technologies. Users must opt in via the Security section on web, and once enabled, recovery support from OpenAI is not available—users are responsible for their own recovery keys. The system trades convenience for maximum security: no passwords, no SMS recovery, and tighter session management. This is particularly relevant for professionals handling sensitive personal or corporate data within ChatGPT and Codex, where account takeover risks are high.