If you use IoT services with a user password, such as a lightbulb, a thermostat, and a CCTV camera, you have to rethink using IoT services. If your credentials are stolen, someone can operate your IoT things without knowing.
To increase credential security, IoT services support 2FA and biometric authentication but people still use passwords. A reason is existing OTP dongles or biometrics only fit well when the user uses a single device. If a user uses multiple devices such as a smartphone, tablet, and laptops to control IoT services, only a user password works interchangeably. A user authentication method should be interchangeable for all smart devices but existing 2FA or passwordless technologies work only with certain devices or are inconvenient. So existing 2FA or passwordless technologies are troublesome to the user who uses IoT services with multiple devices.
To make this successful, we need to think about a universal crossover authentication method for IoT services using multiple smart devices. Instead of the user inputting a user credential, we should make IoT services present the credential, then we are free from user credential management. That is the AutoPassword for IoT.
All IoT services should support all smartphones and PCs at home relying on the user password. They are added on top of a user password in case a user loses an OTP dongle and the smartphone for the IoT devices at your home.