OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts


For anyone who fears their ChatGPT and Codex accounts might be targeted by attackers, OpenAI announced on Thursday an optional new level of account protection. Dubbed Advanced Account Security, the feature enforces strict access controls that would make account takeover attacks very difficult.

Such measures are not a new idea in the realm of account security. Google, for example, has offered its Advanced Protection account security tier for nearly a decade. But as mainstream AI services rapidly proliferate around the world, there is a pressing need for an array of basic protections to be put in place. OpenAI says the launch is part of its broader cybersecurity strategy announced earlier this month.

“People are turning to AI for deeply personal questions and increasingly high-stakes work,” the company said on Thursday in a blog post. “Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows. For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher.”

People who enable Advanced Account Security can no longer use regular passwords on their accounts. Instead, they must add two physical security keys or passkeys to significantly reduce the risk of successful phishing attacks. The feature also eliminates email and SMS routes for account recovery. Users must instead use recovery keys, backup passkeys, or physical security keys. OpenAI says it has partnered with Yubico to offer lower-cost YubiKey bundles to Advanced Account Security users.

Crucially, when a user turns on Advanced Account Security, they can no longer seek help from OpenAI’s support team for account recovery, because support no longer has access to or control over any of the recovery options. This way, attackers can’t attempt to break into accounts by targeting support portals with social engineering attacks.

Advanced Account Security also enforces shorter sign-in windows and sessions before a user has to log in again on a device. It also produces alerts anytime someone logs in to the locked-down account, pointing to the dashboard for reviewing active ChatGPT and Codex sessions. Additionally, while OpenAI offers the option for any user to opt out of having their ChatGPT conversations used for model training, this exclusion is on by default for Advanced Account Security users.

Members of OpenAI’s Trusted Access for Cyber program, which gives cybersecurity professionals, researchers, and others advanced access to new models, will be required to enable Advanced Account Security beginning on June 1 or submit an alternative attestation that they implement phishing-resistant authentication through an enterprise single sign-on mechanism.
