Given the shady things people have found their smart TVs doing, I'd feel about as safe typing a password into a smart TV as I would changing the password to "hunter2".

The TV should display (or maybe email) a link that I would visit with my primary web browser and grant it permissions - or ask for a password as a very last resort for users who have no computer/phone but somehow have Netflix.

The bbc iPlayer does essentially this now. It creates a short one time code and you type it into a logged in account to activate the smart device.

Of course, when you only have one logged in device and it's tied to a different room, it's mildly irritating, but you only do it once.

Plex and Roku do this. They give you a simple one time URL like plex.tv\U23SL That URL asks you to log in (on your computer) and once it's authorized, the Roku or Plex on your TV gets the signal and continues. Easier than typing on a TV device.

Haven't had to do that yet. My uh-oh case is VR. I just typed 5 chars at a time in the headset and then looked at my phone. The occasional cost is worth it though, only adding ~30 seconds

On my Android TV, I can use my phone as a remote keyboard and copy/paste. But there are some apps which design their own inputs incompatible with the remote keyboard. When this happens I can plug in my physical keyboard directly to the TV.

I use an apple tv, so I can paste it from the mobile app on my iPhone. iOS 12 password manager integration might work too!