Authentication credentials
IoT messaging protocols often support the ability to use different types of credentials for authentication with external services and other IoT devices. This section examines the typical options available for these functions.
Passwords
Some protocols, such as MQTT, only provide the ability to use a username/password combination for native-protocol authentication purposes. Within MQTT, the connect message includes the fields for passing this information to an MQTT broker. In the MQTT Version 3.1.1 specification defined by OASIS, you can see these fields within the connect message (reference: http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html):
Note
There are no protections applied to support the confidentiality of the username/password in transit by the MQTT protocol. Instead, implementers should consider using the Transport Layer Security (TLS) protocol to provide cryptographic protections.
There are numerous security considerations related to using...