OpenAI mandates hardware-backed passkeys for Trusted Access Cyber members

speckx 54 points 21 comments July 14, 2026
www.yubico.com · View on Hacker News

Discussion Highlights (7 comments)

rahidz

Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?

nicce

I hope that at some point this is not developing to remote attestation when only "permitted" devices can use the models.

random3

It’s an advertisement by Yubikey - the hardware key manufacturer

jmole

Cobranded YubiKeys? Weird flex but ok. Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.

UltraSane

I was actually thinking they would have to do this. Having to mail a physical token to a valid address is a extremely powerful access control method.

alberth

Dumb question: is using the built in passkey support on my iPhone not considered “hardware-backed”, even though iPhone is using device biometrics?

kreitter

It's a great deal — about 50% off — for those who already wanted a Yubikey. https://www.yubico.com/store/partner/openai/ Interestingly, I had to switch to my unpaid OpenAI account to access it. I suspect this is because my paid account is registered to a custom.com email address.

Semantic search powered by Rivestack pgvector
14,015 stories · 131,331 chunks indexed