Your ChatGPT and Claude Accounts Are a Bigger Target Than You Think — Here's How to Lock Them Down
Last updated: 2026-07-15
You've already done the hard part. You run a local model for anything sensitive. You know which cloud AI providers train on your prompts and which don't. You have a dedicated email alias for AI tool signups. Your threat model is documented and your habits are good.
Then someone logs into your ChatGPT account from a residential proxy in another country, because the password you used for it was also the password you used on a shopping site that got breached two years ago.
This is the adjacent problem that privacy-conscious AI users consistently skip: the account itself. Not the prompts you send, not the provider's training policy — the login. And the reason it matters more now than it did two years ago is that AI accounts have quietly become one of the richest single targets an attacker can compromise.
Why Your AI Account Is Worth More Than It Used To Be
Think about what actually sits behind your ChatGPT, Claude, or Perplexity login today, if you've been a regular user for more than a few months:
- Persistent memory. ChatGPT's memory feature and Claude's project context retain facts about you, your work, your preferences, and your relationships across sessions — by design, so the model doesn't need to be re-briefed every time.
- Full conversation history. Months or years of prompts, often including drafts of contracts, therapy-adjacent venting, medical questions, business strategy, unreleased code, and half-formed ideas you'd never say out loud in a meeting.
- Connected tools. If you've linked Google Drive, GitHub, Gmail, or an MCP server to give the model more context, the account is no longer just a chat log — it's a credential that can reach into other systems.
- Billing and payment details. A paid subscription tied to a stored card.
- Your writing fingerprint. Enough conversation history to convincingly impersonate your tone in a follow-up message, which matters if an attacker uses the compromised account to social-engineer someone else in your life.
Five years ago, a compromised email account was the crown jewel because it could reset every other password. Today, a compromised AI account is arguably richer: it's a searchable archive of your intentions, not just your identity.
Attackers have noticed. Account-takeover activity against AI service logins tracks the same pattern seen against every high-value SaaS category before it — first opportunistic credential stuffing, then automated tooling built specifically for the target, then a resale market for verified working accounts. AI services are now far enough along that trajectory that "it won't happen to my account" is no longer a safe assumption just because you're not famous or wealthy. Automated attacks don't check who you are before they try.
The Weak Link Is Almost Never the Provider
It's tempting to think of this as a problem the AI companies need to solve. In practice, the compromise almost never starts with a breach at OpenAI, Anthropic, or Perplexity. It starts with you, in one of two predictable ways.
Password reuse. You have one password, or a small rotating set, and you've used it — or a close variant — across dozens of accounts over the years. When any one of those unrelated services gets breached (and at your account count, statistically one already has), the leaked email-and-password pair gets tested against every major login page on the internet within days. This is credential stuffing, and it is almost entirely automated. Nobody is targeting you personally; a bot is targeting everyone, and you happen to be in the list.
SMS-based two-factor authentication. SMS 2FA feels like protection, and it's better than nothing, but it has a well-documented failure mode: SIM swapping. An attacker who has enough of your personal information — often obtained from the same breach that leaked your password — can convince a mobile carrier's support line to port your number to a new SIM. From that point, every SMS code meant for you arrives on the attacker's phone instead. SMS 2FA doesn't stop a targeted attacker; it slightly slows down an opportunistic one.
Both of these failure modes share a root cause: they rely on a secret (a password, a phone number) that can be stolen, guessed, or socially engineered away from you. The fix is to stop relying on secrets that can be extracted, and switch to something that physically cannot be phished.
Passkeys: Why This Is the Actual Fix, Not a Buzzword
A passkey is a cryptographic key pair generated on your device. The private half never leaves your device or your encrypted vault — it's never typed, never displayed, never transmitted, and never stored on the service's servers in any form an attacker could steal and reuse. The service only ever holds the public half, which is useless to an attacker on its own.
This solves both problems above at once:
- Nothing to stuff. There's no password to leak from an unrelated breach, because there's no password.
- Nothing to phish. A passkey is cryptographically bound to the exact domain it was created for. A convincing fake login page — even one that fools you completely — cannot receive a valid passkey response, because the browser checks the domain before anything happens. This is the property that SMS codes and even app-based 2FA codes don't have: you can be tricked into typing a 2FA code into a phishing site. You cannot be tricked into handing over a passkey.
- Nothing to SIM-swap. There's no phone number in the loop at all.
The catch with passkeys has always been storage and portability: where do you keep them so they sync across your laptop, phone, and any new device you buy, without locking you into a single hardware vendor?
Proton Pass as a Passkey and 2FA Vault
This is the part of the stack that privacy-conscious users tend to underbuild, because it feels like a solved problem ("I'll just use whatever my phone offers"). The default platform passkey managers (iCloud Keychain, Google Password Manager) work, but they tie your passkeys to a single ecosystem and put them under the same account you're often trying to reduce your dependence on.
Proton Pass handles both passkeys and time-based 2FA codes in one end-to-end encrypted vault that isn't tied to your phone's OS vendor:
- Passkey storage and generation. Proton Pass can create and store passkeys directly, usable across its browser extension, desktop apps, and mobile apps, independent of whether you're on iOS, Android, macOS, Windows, or Linux.
- Built-in authenticator. For the AI services that don't yet support passkeys and still rely on TOTP-based 2FA (the six-digit codes from an authenticator app), Proton Pass includes that authenticator natively, so you're not juggling a separate app.
- Zero-knowledge, Swiss-jurisdiction encryption. The same architecture that protects Proton Mail applies here — Proton cannot read what's in your vault, and Swiss law requires a Swiss court order to compel disclosure.
- Cross-device sync without a Big Tech account. Your passkeys and 2FA codes sync across every device you own through your Proton account, not through Apple or Google.
- Emergency access and offline availability. Vault contents remain accessible offline once unlocked, and Proton Pass supports secure emergency access so you're not permanently locked out if you lose a device.
Move your AI account security off passwords and SMS
Proton Pass stores passkeys and 2FA codes in one zero-knowledge vault under Swiss law — synced across every device, independent of Apple or Google.
Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.
Stay ahead of the privacy and security threats that matter to tech workers. We send one email per week — no filler, no ads.
Stay Updated
Join our newsletter for the latest updates.