To add to this, a good idea would probably be either a physical "allow access" button on the device (think like the clicky button on top of the Philips Hue hub), or a secure random password physically printed on the device that's the default access password.