OpenAI Codex Now Requires Phone Verification

OpenAI's Codex platform has started enforcing mandatory phone number verification for all users, a sudden policy shift that is catching paying subscribers off guard and locking some out of accounts they have already paid for. The change, which appears to have rolled out without prior notice, requires users to verify their identity via WhatsApp-delivered codes — even if they originally registered using Google OAuth login.

The new requirement is generating significant frustration among developers worldwide, particularly those in regions where WhatsApp verification poses logistical or financial barriers. Reports from affected users indicate that the verification wall appears immediately upon login, with no option to bypass or defer it.

Key Facts at a Glance

• Codex now mandates phone verification for all users, including existing paid subscribers
• Verification codes are sent exclusively via WhatsApp, not standard SMS
• Users who signed up with Google login were previously not required to provide a phone number
• The change appears to have been implemented without advance notice or email communication
• Some subscribers report being locked out within days of purchasing a new monthly subscription
• Third-party verification services charge approximately $0.40–$0.50 per code, adding unexpected costs

Sudden Policy Shift Blindsides Paying Users

The most contentious aspect of this change is its abrupt implementation. Users who subscribed to Codex using nothing more than a Google account are now hitting a verification wall that did not exist when they signed up. For some, this means losing access to a service they paid for just days earlier.

One affected user described the experience as being 'trapped' — having paid for a full month of access, used the service only once, and then finding themselves locked out with no clear path forward. The lack of a grace period or advance warning has drawn sharp criticism from the developer community.

This is not the first time OpenAI has tightened access controls. The company previously introduced phone verification for ChatGPT free-tier accounts in 2023, but Codex's paid tier had largely avoided such friction. The extension of this requirement to paying customers marks a notable escalation in OpenAI's identity verification strategy.

WhatsApp-Only Verification Raises Accessibility Concerns

Perhaps the most puzzling element of the new policy is OpenAI's decision to route verification codes exclusively through WhatsApp rather than standard SMS or email. While WhatsApp boasts over 2 billion users globally, the choice introduces several complications.

For developers in corporate environments, WhatsApp may be restricted or unavailable on work devices. Users who prefer not to use Meta-owned platforms for privacy reasons face an uncomfortable choice. And for those relying on virtual phone numbers or VoIP services — common among remote developers and digital nomads — WhatsApp verification often fails entirely.

• Corporate users may face IT policy restrictions on WhatsApp usage
• Privacy-conscious developers may object to linking a Meta platform to their OpenAI account
• Virtual number users often cannot receive WhatsApp verification codes
• Cost implications arise for users who must purchase verification codes through third-party services
• Regional disparities mean some users have easier access than others

The decision contrasts with industry norms. Competitors like GitHub Copilot, Google Gemini Code Assist, and Amazon CodeWhisperer (now Amazon Q Developer) typically rely on email verification or existing platform credentials, avoiding the friction of phone-based verification for paid accounts.

Why OpenAI Is Tightening the Screws

While OpenAI has not issued an official statement specifically about the Codex verification change, the move likely stems from several converging pressures that the company faces as it scales its AI services.

Abuse prevention is almost certainly the primary driver. Codex, which provides powerful code generation capabilities powered by OpenAI's latest models, represents significant computational cost per user. Account sharing, bot-driven abuse, and free-trial exploitation all eat into margins for a company that reportedly spends billions on GPU infrastructure annually.

Regulatory compliance may also play a role. As AI regulations tighten across the EU, UK, and US, companies are under increasing pressure to implement robust know-your-customer (KYC) practices. Phone verification serves as a lightweight identity layer that helps satisfy these emerging requirements.

Finally, there is the matter of rate limiting and fair usage. By tying accounts to verified phone numbers, OpenAI can more effectively prevent individual users from creating multiple accounts to circumvent usage caps — a practice that has been widely documented across AI platforms.

How This Compares to Industry Standards

OpenAI's approach stands out when measured against its competitors in the AI coding assistant space. Here is how major platforms handle user verification for paid tiers:

• GitHub Copilot ($10–$39/month): Requires a GitHub account; no phone verification needed
• Google Gemini Code Assist: Uses Google Workspace credentials; no additional verification for enterprise users
• Amazon Q Developer (formerly CodeWhisperer): Tied to AWS accounts with existing identity verification
• Anthropic Claude (API access): Email-based verification with optional 2FA
• Cursor ($20/month): Email-based signup with no mandatory phone verification

The contrast is striking. Most competitors either leverage existing platform identities or rely on email-based verification. OpenAI's insistence on WhatsApp-based phone verification for a paid coding tool represents an unusually aggressive approach that prioritizes security over user convenience.

What Affected Users Can Do Right Now

For developers currently locked out of their Codex accounts, options are limited but not nonexistent. Here are the most practical paths forward based on community reports and OpenAI's existing support infrastructure.

First, users should attempt to use their primary personal phone number if they have not already. The WhatsApp verification system typically works seamlessly with numbers that already have active WhatsApp accounts. If you have been avoiding linking your personal number, this may be the path of least resistance.

Second, contacting OpenAI support directly may yield results, particularly for users who can demonstrate they are paying subscribers locked out mid-cycle. OpenAI's support team has historically been responsive to billing-related access issues, and there may be manual override options available.

Third, users who believe they cannot complete verification and want their money back should request a refund through OpenAI's billing portal or support channels. Consumer protection laws in the EU, UK, and many US states generally require companies to provide refunds when service terms change materially after purchase.

The Broader Trend of AI Platform Lockdowns

This Codex verification change fits into a larger pattern across the AI industry. As platforms mature and move from growth-at-all-costs to sustainable business models, friction is increasing for users everywhere.

OpenAI raised ChatGPT Plus pricing to $20/month and has been progressively tightening usage limits. Anthropic recently adjusted Claude's usage caps, drawing community backlash. Google has been gating advanced Gemini features behind Google One AI Premium subscriptions at $19.99/month.

The era of frictionless, unlimited AI access is clearly ending. Companies are now balancing three competing priorities: maximizing revenue, preventing abuse, and maintaining user satisfaction. The Codex phone verification saga suggests that for OpenAI, the first two priorities are currently winning.

Looking Ahead: What to Expect Next

Based on OpenAI's trajectory and broader industry trends, several developments are likely in the coming months.

OpenAI will probably expand phone verification to additional products and tiers, potentially including API access. The company may also introduce tiered verification levels where higher usage limits require stronger identity proof — similar to cryptocurrency exchange KYC models.

For the immediate Codex situation, community pressure may force OpenAI to offer alternative verification methods such as standard SMS or authenticator apps. The WhatsApp-only approach is likely a temporary measure rather than a permanent policy, given the accessibility concerns it raises.

Developers who rely on AI coding tools should begin diversifying their toolchain now. Depending on a single provider for critical development workflows creates exactly the kind of vendor lock-in risk that this situation illustrates. Tools like GitHub Copilot, Cursor, and open-source alternatives like Continue.dev and Tabby offer viable alternatives that reduce single-point-of-failure risk.

The Codex verification change is a small but telling signal about where the AI industry is headed. As these tools become essential infrastructure for millions of developers, the terms of access will only become more complex — and more contentious.