How it works
Multi-factor authentication (MFA) enhances your account security by requiring a second step to verify your identity during sign-in. Once enabled, MFA is activated across all OpenAI services, including ChatGPT, API Platform, and Labs.
Once MFA is enabled, you will always be prompted to enter a one-time code from your authenticator app when you log in.
How to enable MFA in your account
Multi-factor authentication can be enabled or disabled from either ChatGPT or the API Platform.
ChatGPT
Navigate to the ChatGPT settings and select the Security tab. The Multi-factor authentication option will allow you to turn MFA on or off by selecting Enable or Disable, respectively.
API Platform
Navigate to Your Profile and select the Security tab. Similar to ChatGPT, the Multi-factor authentication button will allow you to toggle MFA on or off by selecting Enable or Disable, respectively.
Enabling MFA
After choosing to enable MFA, you will be prompted to scan a QR code using your preferred authenticator app. After scanning the QR code, you must enter a one-time code from your preferred authenticator app to complete enabling MFA.
Note that once you have enabled MFA, you must log in with the same authentication method in the future. To change your authentication method, you’ll need to disable MFA, change your authentication method, and set up MFA again.
Recovery codes
After enabling MFA, we strongly recommend that you save your recovery codes in a safe place so that you can access your account in case you lose access to your authenticator app or are unable to receive email verification codes.
How to recover access to your account
In the event that you lose access to your preferred authenticator app, you can recover access to your account by following these steps:
Log in to the ChatGPT or the API Platform with your authentication method.
When prompted to verify your identity, select Try another method
When prompted to choose a method to verify your identity, select either a recovery code or email.
If you select email, a code will be sent to the email address associated with your account.
If you select recovery code, you will be prompted to provide the recovery code you saved when you first set up MFA.
Does enabling MFA cancel or log out any logged in sessions?
No, enabling MFA does not expire existing sessions. To cancel or log out any logged in sessions, select the Log out of all devices option in Settings -> Security.
Is it possible to enforce MFA for an entire ChatGPT workspace or API Platform organization?
MFA is not currently supported as a setting at the workspace or organization level.