Having been talked about under a variety of names for two or three decades, the Internet of Things is finally coming to fruition. What is still missing, though, is a proper security architecture for it. That currently deployed IoT devices are insecure is testified by the plethora of vulnerabilities that are discovered and exploited daily: clearly “features” are higher priority than “security” in the eyes of the purchasers—and therefore of the manufacturers. But we are talking here of a more structural problem: not “this device is insecure” but “there is no strategic plan and no accepted blueprint to make IoT devices secure”. We should also bear in mind that if purchasers do not understand security vulnerabilities, or cannot articulate their understanding, then manufacturers are unlikely to address them. In this position paper we do not address IoT security in general: instead we focus specifically on the problem of user authentication, addressing which is a pre-requisite of any security architecture insofar as the three crucial security properties of Confidentiality, Integrity and Availability can only be defined in terms of the distinction between authorized and unauthorized users of the sys- tem. However, we should not be misled by the word “authorized”; authorized users may misbehave.