Security Encyclopedia

IoT Authentication

IoT (Internet of Things) Authentication refers to ways to securely and conveniently access connected devices such as smart homes, autos, transportation hubs, and workplaces.

The smart device ecosystem is highly fragmented, having not yet settled on a standard for what hardware, software, and communications protocols are the dominant means to access devices. Enterprises may use RFID badges for secure entryways, while homeowners may use proprietary apps for autos and thermostats. This fragmentation causes poor usability — UX being paramount to the success of the IoT and digital transformation — and higher risk, as system fragmentation and varied settings are unsafe. In all, today’s IoT security is lightweight compared to enterprise application security and the IoT’s aggressive rollout despite this has created a situation where IoT authentication must catch up.

IoT authentication would benefit from a single standard onto which all device makers and solution providers deploy their technology. One solution is to settle on a single user interface (UI) such as consumer mobile devices and to authenticate based on FIDO Alliance open standards for True Keyless Authentication. This would reduce the fragmentation and an over-reliance on passwords, whose use as an authentication mechanism hinders IoT adoption by degrading usability. And, whose security is not in step with the security demands of workplaces, homes, cars, transportation hubs, and critical infrastructure.


“IoT authentication is important since the security of devices, autos, and workplaces is paramount. The risk of unauthorized management of these smart things is too great to cede that security to passwords, whose poor usability has not kept pace with the IoT just as they haven’t kept pace with mobile.”