If the MQTT account is shared and fixed in the device, I am worried that the device will be cracked and the account will be leaked.
I am developing a Linux embedded device that uses MQTT communication. Currently the MQTT account is in the configuration file.
Thank you, John Rotenstein and Rimuru Tempest, for posting your discussions as an answer to help other community members.
Make sure to have an X.509 certificate for each device. Use this certificate to authenticate. This will help you remove the dependency on the account.
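
As an added illustration (not part of the answer above and not any vendor's tooling), the script below issues a separate client certificate for each device from a test CA using the `openssl` CLI. The CA name, device IDs and file layout are constructed, and the broker is assumed to be set up to require client certificates signed by this CA.

```shell
#!/bin/sh
# Added example: one X.509 identity per device, signed by a private CA.
# The CA name, device IDs and file layout are constructed for illustration.
set -eu
umask 077                      # private keys readable by the owner only
WORK="$(mktemp -d)"            # throwaway dir; keep a real CA key offline or in an HSM

# Test CA whose certificate the MQTT broker would trust for client auth.
make_ca() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ca.key"
  openssl req -x509 -new -key "$WORK/ca.key" -sha256 -days 30 \
    -subj "/CN=demo-device-ca" -out "$WORK/ca.crt"
  # Device certificates are limited to TLS client authentication.
  printf 'extendedKeyUsage=clientAuth\n' > "$WORK/client.ext"
}

# issue_device ID: new key pair + certificate whose CN is the device ID.
# On real hardware the key is generated on the device and only the CSR leaves it.
issue_device() {
  id="$1"
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$id.key"
  openssl req -new -key "$WORK/$id.key" -subj "/CN=$id" -out "$WORK/$id.csr"
  openssl x509 -req -in "$WORK/$id.csr" -sha256 -days 30 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/client.ext" -out "$WORK/$id.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to the CA and allows client auth.
verify_device() {
  openssl verify -CAfile "$WORK/ca.crt" -purpose sslclient "$WORK/$1.crt" >/dev/null 2>&1
}

device_subject()     { openssl x509 -in "$WORK/$1.crt" -noout -subject; }
device_fingerprint() { openssl x509 -in "$WORK/$1.crt" -noout -fingerprint -sha256; }

make_ca
for dev in sensor-0001 sensor-0002; do
  issue_device "$dev"
  verify_device "$dev" && echo "$dev: $(device_fingerprint "$dev")"
done
```

Because each device holds its own key, a device that is opened up exposes only one identity, which can be revoked on the broker side without reconfiguring the rest of the fleet.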