In the mad rush to sling electronics into the hands of consumers, developers and manufacturers are making it easier than ever to get enrolled into their IoT ecosystems. The time from sale to access is shorter than ever. The question is: Where do we go from there? This talk will analyze responsibly disclosed vulnerabilities in the next steps of identity management and access control in IoT.