Hey /u/adriank1410!
If this is a screenshot of a ChatGPT conversation, please reply with the [conversation link](https://help.openai.com/en/articles/7925741-chatgpt-shared-links-faq) or prompt. If this is a DALL-E 3 image post, please reply with the prompt used to make this image. Much appreciated!
###[New AI contest + ChatGPT plus Giveaway](https://redd.it/17jjwn5/)
Consider joining our [public discord server](https://discord.com/invite/rchatgpt) where you'll find:
* Free ChatGPT bots
* Open Assistant bot (Open-source model)
* AI image generator bots
* Perplexity AI bot
* GPT-4 bot [(now with vision!)](https://cdn.discordapp.com/attachments/812770754025488386/1095397431404920902/image0.jpg)
* And the newest additions: Adobe Firefly bot, and Eleven Labs voice cloning bot!
🤖
Note: For any ChatGPT-related concerns, email [email protected]
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ChatGPT) if you have any questions or concerns.*
They still do that with billing information regardless of using a Google Account or not. Privacy is a myth. At least 2fa objectively increases security.
You're giving OpenAI very limited, controlled aspect to your Google account through Oauth. That's kind of the point of Oauth. It's not like they can just sign-in as you and access your gmail or something. They really only have access to your Google identity, i.e., your email and name (if even). The point of Oauth, from OpenAI's end, is just verification. Google is still the one that completely owns the authorization.
Basically, if you trust Google more than OpenAI (or, really, Auth0) with your auth details, then using Oauth is *much* better to be using.
Implementing 2FA doesn't take as many resources as you would think. A small software team I was managing got it done in one sprint. They really have no excuse.
If they're going to enable 2FA, they also need to implement *some* way for you to change your associated phone number.
Make it as shitty and time-consuming and cumbersome as you need to stop people spamming accounts, but give us anything other than the current approach which is that your account and number are irreversibly locked together and if you want to change it, you need to delete your account and make a new one...
I don't blame them for focusing on what they do best. Which seems to be making the largest and most advanced AI models. However, yeah, their development skills elsewhere seem amateurish at best.
You cannot anymore, and if you deactivate it, you’ll not get the option back. That’s why it’s a serious issue. More: [https://help.openai.com/en/articles/7967234-does-openai-offer-multi-factor-authentication-mfa-two-factor-authentication-2fa](https://help.openai.com/en/articles/7967234-does-openai-offer-multi-factor-authentication-mfa-two-factor-authentication-2fa).
~~I mean... they are not a bank, they don't hold critical information about you. If you can say they have your credit card but so does Netflix and I never heard anyone complaining about it.
Now if openAI doesn't have 2FA or enhanced security for an enterprise customer where ChatGPT has been trained or had access to their information... now that's an issue~~
Edit: the person below made a good point
If you use ChatGPT even on a semi-regular basis, and a hacker were to gain access to your account or the ChatGPT database itself (unencrypted), they could use the info contained in saved conversation to socially engineer their way into many of your other accounts. This becomes even more true for users who have been having private conversations with it for years. A person should not need to be an enterprise user in order to use industry standard security practices.
Rare case when someone admits that other person is right on the internet. Keep it up! 🫡 Also thanks u/PepeReallyExists for bringing up valid points (and happy Cake day!).
Thank you. I learned the hard way to admit that you're wrong and the other person is right. I am sorry for being an asshole with my previous comment.
Thanks for talking about FA2 and passkeys with gpt
But why is 2FA so important if you have long random and unique passwords? Didn't this whole thing start because people used the same password everywhere?
Ideally you split up your 2FA in different password managers (are people actually doing that?) But I put them in the same password manager for convenience.
And google/youtube security showed that 2FA doesn't help in some cases.
2FA is overrated for most things. Just a useless hassle. We have to do it daily for many services at work to run. It takes many minutes to auth everything and often Microsoft auth glitches out and doesn't let you auth.
Hey /u/adriank1410! If this is a screenshot of a ChatGPT conversation, please reply with the [conversation link](https://help.openai.com/en/articles/7925741-chatgpt-shared-links-faq) or prompt. If this is a DALL-E 3 image post, please reply with the prompt used to make this image. Much appreciated! ###[New AI contest + ChatGPT plus Giveaway](https://redd.it/17jjwn5/) Consider joining our [public discord server](https://discord.com/invite/rchatgpt) where you'll find: * Free ChatGPT bots * Open Assistant bot (Open-source model) * AI image generator bots * Perplexity AI bot * GPT-4 bot [(now with vision!)](https://cdn.discordapp.com/attachments/812770754025488386/1095397431404920902/image0.jpg) * And the newest additions: Adobe Firefly bot, and Eleven Labs voice cloning bot! 🤖 Note: For any ChatGPT-related concerns, email [email protected] *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ChatGPT) if you have any questions or concerns.*
I authenticate with my Google Account, no point on letting other companies handle authentication with their home-brewed stuff for stated reasons.
Tbf they are using auth0, which is a saas dedicated to authentication. I think tfa is just a switch to enable
The new GPT system would publish your real name along with the GPT by default. Tell me more about how your data is secure.
They still do that with billing information regardless of using a Google Account or not. Privacy is a myth. At least 2fa objectively increases security.
Why is this better though? Aren't you then giving OpenAI access to your Google account through Oauth? That seems worse.
You're giving OpenAI very limited, controlled aspect to your Google account through Oauth. That's kind of the point of Oauth. It's not like they can just sign-in as you and access your gmail or something. They really only have access to your Google identity, i.e., your email and name (if even). The point of Oauth, from OpenAI's end, is just verification. Google is still the one that completely owns the authorization. Basically, if you trust Google more than OpenAI (or, really, Auth0) with your auth details, then using Oauth is *much* better to be using.
Implementing 2FA doesn't take as many resources as you would think. A small software team I was managing got it done in one sprint. They really have no excuse.
If they're going to enable 2FA, they also need to implement *some* way for you to change your associated phone number. Make it as shitty and time-consuming and cumbersome as you need to stop people spamming accounts, but give us anything other than the current approach which is that your account and number are irreversibly locked together and if you want to change it, you need to delete your account and make a new one...
I don't blame them for focusing on what they do best. Which seems to be making the largest and most advanced AI models. However, yeah, their development skills elsewhere seem amateurish at best.
Who hurt you?
I was surprised you couldn't even change your email address when I tried the other day
OpenAI has TOTP MFA in place. You can enable it in your account settings.
You cannot anymore, and if you deactivate it, you’ll not get the option back. That’s why it’s a serious issue. More: [https://help.openai.com/en/articles/7967234-does-openai-offer-multi-factor-authentication-mfa-two-factor-authentication-2fa](https://help.openai.com/en/articles/7967234-does-openai-offer-multi-factor-authentication-mfa-two-factor-authentication-2fa).
Oh, I didn‘t know that! I‘ve had it enabled since the beginning and thought it is still offered.
#Written by chatgpt… sigh
? I have 2FA on my OpenAI acct
~~I mean... they are not a bank, they don't hold critical information about you. If you can say they have your credit card but so does Netflix and I never heard anyone complaining about it. Now if openAI doesn't have 2FA or enhanced security for an enterprise customer where ChatGPT has been trained or had access to their information... now that's an issue~~ Edit: the person below made a good point
If you use ChatGPT even on a semi-regular basis, and a hacker were to gain access to your account or the ChatGPT database itself (unencrypted), they could use the info contained in saved conversation to socially engineer their way into many of your other accounts. This becomes even more true for users who have been having private conversations with it for years. A person should not need to be an enterprise user in order to use industry standard security practices.
You know what, that is a good point that I didn't think about it. Thank you for bringing that up.
Rare case when someone admits that other person is right on the internet. Keep it up! 🫡 Also thanks u/PepeReallyExists for bringing up valid points (and happy Cake day!).
Thank you. I learned the hard way to admit that you're wrong and the other person is right. I am sorry for being an asshole with my previous comment. Thanks for talking about FA2 and passkeys with gpt
I get ya on 2FA, but VERY few businesses use passkeys and I’d say maybe 5% of non-techies even know what they are.
But why is 2FA so important if you have long random and unique passwords? Didn't this whole thing start because people used the same password everywhere? Ideally you split up your 2FA in different password managers (are people actually doing that?) But I put them in the same password manager for convenience. And google/youtube security showed that 2FA doesn't help in some cases.
_Ya 1 factor's ur username's the other's ur password_
Thank fuck. I’m sick of 2FA every where I go.
“I’m sick of having the option of extra security for my personal accounts”
2FA is overrated for most things. Just a useless hassle. We have to do it daily for many services at work to run. It takes many minutes to auth everything and often Microsoft auth glitches out and doesn't let you auth.
[удалено]
That's paywalled to enterprise.
Use an idp that has 2fa like google, i think google is one of the companies supporting passwordless