Securing your AI accounts with a YubiKey

OpenAI just made hardware security keys the new standard for ChatGPT. The same key locks down Copilot, Gemini, Claude and Perplexity too. Here is how.


Your AI account is no longer just a chat history. It is a working memory of your business, your research, your drafts, and increasingly your connected tools and agents. That makes it a phishing target. The good news for European organisations: the same hardware key you would use to harden your inbox or your password manager will lock down your AI accounts too, and it directly addresses the phishing-resistant authentication expectation in NIS2 Article 21.

OpenAI just made this concrete. On 30 April 2026 they launched Advanced Account Security for ChatGPT and Codex, an opt-in setting that disables password sign-in, removes email and SMS recovery, and forces login through passkeys or hardware security keys. If you lose every credential, OpenAI cannot restore the account. That is the trade-off, and for journalists, executives, lawyers, and anyone whose AI history would embarrass them on a leak site, it is the right one.

The same logic applies whether your team lives inside ChatGPT, Microsoft Copilot, Google Gemini, Anthropic's Claude, or Perplexity. The path to a phishing-resistant AI account runs through either the AI provider's native FIDO2 support, or the underlying SSO account you sign in with. Either way, one hardware key handles it. (For the regulatory frame, our deep dive on NIS2 Article 21 and what "phishing-resistant authentication" actually means sets out where this lands in practice.)

OpenAI: ChatGPT and Codex

OpenAI's Advanced Account Security accepts any FIDO-compliant security key. Alongside the launch, OpenAI and Yubico announced a co-branded bundle priced well below retail:

  • YubiKey C NFC, OpenAI edition: USB-C plus NFC, suited to phones, tablets, and as a portable backup.
  • YubiKey C Nano, OpenAI edition: a low-profile USB-C key designed to live permanently in a laptop port.

Both run a stripped variant of the YubiKey 5 firmware: FIDO2 and WebAuthn are present, OTP is not. They are functionally a FIDO-only key, sold at preferred pricing to OpenAI account holders whom OpenAI selects as eligible.

If you are not selected, nothing about the offer is a barrier. Any FIDO2-compliant security key will register against ChatGPT in exactly the same way.

Microsoft Copilot (Microsoft 365 and Entra ID)

Copilot inherits the security of the Microsoft account or Entra ID tenant it runs under. Microsoft has supported FIDO2 hardware keys natively for years. Adding a YubiKey to your account, or to your tenant's authentication methods policy, will phishing-protect Copilot, Outlook, Teams, OneDrive, and the rest of Microsoft 365 in one move. For personal Microsoft accounts, our step-by-step setup guide walks through it.

For tenants on Entra ID Premium, FIDO2 keys can be enforced as the only acceptable second factor for sensitive groups. If your CIO is asking what to do about agentic AI before staff start handing it permissions, this is one of the answers. We have written more on that pressure in Your AI agent can't hold a YubiKey: that's the point.
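The enforcement step above, as an added example written for this page rather than a Trust Panda or Microsoft script. It uses the Microsoft Graph PowerShell SDK to require Entra's built-in "Phishing-resistant MFA" authentication strength (FIDO2 security keys, device-bound passkeys, certificate-based authentication, Windows Hello for Business) for one group, after checking that the FIDO2 method is enabled and that every member already holds two registered keys. The group name, policy name and break-glass list are hypothetical; the policy is created in report-only mode so nobody is locked out before the sign-in logs have been reviewed.

```powershell
# Added example, not Trust Panda's or Microsoft's code. Requires the Microsoft.Graph SDK
# (Install-Module Microsoft.Graph) and an administrator holding the scopes requested below.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All",
                        "Group.Read.All", "UserAuthenticationMethod.Read.All"

$groupName     = "AI-Sensitive-Users"                                   # hypothetical group
$policyName    = "Require phishing-resistant MFA - AI sensitive users"  # hypothetical name
$breakGlassIds = @()   # object IDs of emergency-access accounts to exclude (placeholder, fill in)

# Built-in Entra authentication strength "Phishing-resistant MFA".
$phishingResistantStrengthId = "00000000-0000-0000-0000-000000000004"

# 1. A Conditional Access policy can demand a key but cannot register one: confirm the
#    FIDO2 method is enabled in the tenant's authentication methods policy first.
$fido2 = Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration `
            -AuthenticationMethodConfigurationId "Fido2"
if ($fido2.State -ne "enabled") {
    throw "FIDO2 security keys are not enabled in the authentication methods policy."
}

# 2. Resolve the group and pre-flight its user members. With password and SMS fallbacks
#    gone, anyone holding fewer than two keys is one lost key away from a lockout.
$group = Get-MgGroup -Filter "displayName eq '$groupName'"
if (-not $group) { throw "Group '$groupName' not found." }

$atRisk = foreach ($m in Get-MgGroupMember -GroupId $group.Id -All) {
    if ($m.AdditionalProperties.'@odata.type' -ne '#microsoft.graph.user') { continue }
    $keys = @(Get-MgUserAuthenticationFido2Method -UserId $m.Id)
    if ($keys.Count -lt 2) {
        [pscustomobject]@{ UserId = $m.Id; RegisteredKeys = $keys.Count }
    }
}
if ($atRisk) {
    Write-Warning "Members with fewer than two FIDO2 keys; register a backup before enforcing:"
    $atRisk | Format-Table -AutoSize
}

# 3. Create the policy in report-only mode. Sign-in logs will show who would have been
#    blocked; switch state to "enabled" with Update-MgIdentityConditionalAccessPolicy
#    once the list above is empty.
$policy = @{
    displayName   = $policyName
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeGroups = @($group.Id); excludeUsers = $breakGlassIds }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator               = "OR"
        authenticationStrength = @{ id = $phishingResistantStrengthId }
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Scoping the policy to every application rather than to Copilot alone is deliberate: Copilot, Outlook, Teams and the rest share the same token, so a weaker path into any one of them is a path into all of them.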

Google Gemini

Gemini lives inside the Google account. Any FIDO2 security key can be added as a second step under 2-Step Verification, and any FIDO2 key can be used to create a passkey for passwordless sign-in. For high-risk users, Google's Advanced Protection Program enforces the use of two security keys and disables the same risky recovery routes that OpenAI is now disabling by default. Our Google account setup guide walks through the registration step by step.

Secure the Google account, and you secure Gemini, Gmail, Drive, and Workspace at the same time.

Anthropic Claude

Claude's consumer login at claude.ai supports email-and-password with TOTP-based two-factor authentication, plus Google sign-in. There is no native FIDO2 hardware key option at the consumer tier yet.

What that means in practice:

  • If you sign in to Claude with Google, secure your Google account with a YubiKey. The Claude account inherits the protection.
  • If you use email-and-password, store the TOTP seed inside the YubiKey using the Yubico Authenticator app. The seed never lives on a phone, and a code is generated only when the key is touched. This is a materially stronger configuration than an authenticator app on a phone, and we explain why in Hardware security key vs authenticator app: which MFA meets NIS2?.

We expect Anthropic to add WebAuthn over time. Until then, the YubiKey-as-TOTP setup is the strongest option Claude allows.
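The YubiKey-as-TOTP enrolment, as an added example that is not Anthropic's, Yubico's or Trust Panda's code. It swaps in Yubico's command-line tool ykman (https://github.com/Yubico/yubikey-manager) for the Yubico Authenticator app; both write to the same OATH applet, so the result is identical. It assumes ykman is on PATH and a YubiKey 5 Series is plugged in (the FIDO-only Security Key has no OATH applet), and that you have the otpauth:// URI encoded in the enrolment QR code. The function name and the sample URI are constructed for illustration.

```powershell
# Added example, not code from the original article or from Anthropic/Yubico.
function Add-TotpToYubiKey {
    param([Parameter(Mandatory)][string]$OtpauthUri)

    $u = [uri]$OtpauthUri
    if ($u.Scheme -ne "otpauth" -or $u.Host -ne "totp") {
        throw "Expected an otpauth://totp/... URI; got scheme '$($u.Scheme)', type '$($u.Host)'."
    }

    # Parse the query string by hand so this runs on both Windows PowerShell and pwsh.
    $params = @{}
    foreach ($pair in $u.Query.TrimStart('?') -split '&') {
        $k, $v = $pair -split '=', 2
        if ($k -and $null -ne $v) { $params[$k] = [uri]::UnescapeDataString($v) }
    }
    if (-not $params.secret -or $params.secret -notmatch '^[A-Za-z2-7]+=*$') {
        throw "URI carries no valid base32 'secret' parameter."
    }
    $label = [uri]::UnescapeDataString($u.AbsolutePath.TrimStart('/'))  # e.g. claude.ai:user@example.com

    # --touch: the key only computes a code when physically tapped, so malware on the host
    # cannot silently harvest codes. ykman reads issuer, digits and period from the URI.
    & ykman oath accounts uri --touch $OtpauthUri
    if ($LASTEXITCODE -ne 0) { throw "ykman failed; is a YubiKey 5 Series plugged in?" }
    return $label
}

# Usage: paste the URI from the enrolment QR code, then produce one code to complete
# enrolment on the site. The URI below is a constructed sample, not a real seed.
$sample = "otpauth://totp/claude.ai:user%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=claude.ai&digits=6&period=30"
$label  = Add-TotpToYubiKey -OtpauthUri $sample
& ykman oath accounts code --single $label   # waits for a touch, prints the 6-digit code

# Optional hardening: password-protect the OATH applet so a stolen key cannot list or
# compute codes without it:  ykman oath access change
```

Because the seed passes through the command line once, clear the shell history afterwards (Clear-History in PowerShell) and never commit a real URI to a script; once it is on the key there is no reason to keep a copy anywhere else.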

Perplexity

Perplexity does not use passwords. Sign-in is via Google SSO, Apple SSO, or a magic link by email, with optional SMS verification. Two consequences follow.

First, SMS 2FA is no longer adequate as a sole second factor under any reasonable reading of NIS2 Article 21 or GDPR Article 32. Second, the strength of your Perplexity account is the strength of whichever account you sign in with. If that is Google, harden it with a YubiKey. If that is Apple, hardware-key your Apple ID. If it is your inbox, treat that inbox as a tier-one identity asset and lock it down the same way.

Two keys, not one

Whichever path you take, register at least two keys. OpenAI's Advanced Account Security requires it, and so does Google's Advanced Protection Program. The reason is the same in both: with email and SMS recovery disabled, a single lost or broken key leaves you with no way back into the account. Under DORA, that kind of self-inflicted lockout can also be an operational resilience event you have to report.

The standard pattern is one key on your daily-driver device or keyring, and a second key locked away as a backup. The Nano-and-NFC pairing exists because it solves this problem cleanly: one stays plugged in, one travels.

Choosing a key

Trust Panda holds EU stock in Hungary and ships across the European Union. Two product families are worth knowing for AI account security specifically:

  • The Yubico Security Keys range is FIDO-only and is the closest functional match to the OpenAI co-branded keys. It works for ChatGPT and Codex, and for Google, Microsoft, GitHub, Okta, and the rest of the WebAuthn ecosystem. Excellent value, and a strong fit if FIDO2 is all you need.
  • The YubiKey 5 Series does everything the Security Key does and adds smart card (PIV), OpenPGP, OATH-TOTP (the Claude case above), and Yubico OTP. If you want one device for ChatGPT, your password manager, your SSH keys, your corporate SSO, and TOTP for sites that have not yet adopted FIDO2, this is the one.

Form factor matters too. The YubiKey 5 NFC and YubiKey 5C NFC cover most laptops and phones, and the YubiKey 5C Nano is designed to live in a USB-C port permanently as a daily driver. For a head-to-head walkthrough of the full range, see Which YubiKey is right for you?

Beyond AI

A FIDO key registered for ChatGPT is not a single-purpose device. The same key will phishing-protect your Microsoft 365 tenant, your Google Workspace, your password manager, your GitHub, your AWS root, your Okta, and several hundred other services. The marginal cost of locking down your AI accounts is low, because the key pays for itself across everything else you sign into. Our list of the top 10 accounts everyone should secure with a YubiKey is a useful sequencing guide for the rollout.

If you have held off on hardware MFA because the threat felt abstract, the AI account is a useful prompt. The data inside it is no longer abstract.

Buying from Trust Panda Europe

Trust Panda is Yubico's authorised retail and ecommerce partner in the European Union, with operations based in Hungary. We hold EU stock, ship across the EU, and can advise on individual purchases through to enterprise rollouts, NIS2 readiness assessments, and DORA-aligned authentication uplifts. The Yubico Security Keys and the YubiKey 5 Series are both available now.

If you are unsure which key fits your environment, get in touch. We will help you size the deployment and pick the right form factor before you spend a cent.
