It’s been received wisdom in the cybersecurity industry for many years that the Internet is “missing an identity layer”. Now we’re on the cusp of the Internet of Things, with calls for the “Identity of Things”. We need a bigger idea. We must avoid over-identifying users and associates of smart devices, and over-collecting personal data about them, lest the IoT become “informatic grey goo”. The IoT is about to make authentication vastly more complex. Of course we need precise and reliable authentication of devices, and the many and varied users of devices, but let’s focus on authentication carefully and with new eyes while we have the chance. What will we really need to know about the different actors in the Internet of Things, and how will we verify the signals?