Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Smart device security: are your passwords and updates enough?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: Smart device security still comes down to three basics, strong unique credentials, multifactor authentication, and current software, even as connected devices reached roughly 21 billion in 2025 and are projected to reach 39 billion by 2030, according to IoT Analytics. The real governance problem is scale: every new device adds another identity surface that must be managed consistently.

NHIMG editorial — based on content published by Bitwarden: smart device security guidance for connected devices

Questions worth separating out

Q: How should teams secure smart devices that use companion apps and remote access?

A: Treat the device and its companion app as one identity surface.

Q: Why do reused passwords make smart devices harder to govern?

A: Reused passwords collapse multiple device accounts into a single failure point.

Q: What signals show that smart devices are outside acceptable security control?

A: Look for default logins still active, no MFA on remote access, stale firmware, and devices whose support has ended.

Practitioner guidance

  • Replace factory credentials at first use Assign a unique password or passphrase to every smart device during onboarding and prohibit shared credentials across devices or locations.
  • Turn on app-based multifactor authentication Enable MFA in the companion app or device portal, and prefer authenticator-app codes over SMS when both options exist.
  • Track device update support status Maintain an inventory that includes firmware version, auto-update status, and vendor support end dates so unsupported devices can be removed or replaced.

What's in the full article

Bitwarden's full blog covers the operational detail this post intentionally leaves for the source:

  • Step-by-step setup guidance for stronger credentials across common smart devices and companion apps
  • Practical tips for enabling MFA where it is available in consumer device ecosystems
  • Advice on keeping device software current and deciding when unsupported devices should be replaced

👉 Read Bitwarden's smart device security guidance for stronger credentials, MFA, and updates →

Smart device security: are your passwords and updates enough?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Smart device security is an identity hygiene problem, not a gadget problem. The article correctly lands on credentials, MFA, and patching because those three controls govern whether a device behaves as a trusted identity or an open door. In practice, smart devices fail the same way many service identities fail: defaults persist, reuse spreads, and update discipline is inconsistent. Practitioners should treat every connected device as an account with a lifecycle, not just a piece of hardware.

A few things that frame the scale:

  • 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • Only 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% at no or low visibility and 47% at only partial visibility.

A question worth separating out:

Q: Who should be accountable for smart device security in an organisation?

A: Accountability should sit with the team that owns the asset lifecycle, not just the team that purchased it. Facilities, IT, security, and identity teams may all have a role, but one owner must be responsible for credentials, updates, and retirement. Without clear ownership, device security becomes everyone’s problem and nobody’s control.

👉 Read our full editorial: Smart device security depends on credential hygiene, not complexity



   
ReplyQuote
Share: