Voice is increasingly being relied upon as the means to interface with IoT devices. Nowhere is this more true both in the home and public spaces, where digital assistants are becoming as common as traditional computing devices. While enormously useful, such interfaces are problematic from a security perspective in that they accept commands from arbitrary sources. Moreover, because the relationship between a legitimate user and such an interface may be transient (e.g., in a hotel room), solutions such as voice biometrics are not entirely appropriate. In this talk, I will discuss our early work on Two Microphone Authentication (2MA), which relies on a user’s mobile device to help a nearby IoT device determine if that user was the source of a command. I will cover possible deployment scenarios, our proposed scheme, and the results of early experiments.