The specifically designed application layer protocol for IoT communication is Message Queuing Telemetry Transport (MQTT). The MQTT has high CPU capabilities, and it can connect millions of devices through the internet. The MQTT has high scalability and is easy to implement. It necessitates fewer system requirements to connect the devices. However, the MQTT has no built-in security, and some of the applications implement Transport Layer Security (TLS) for data encryption on MQTT messages. The MQTT is a message transferring protocol among IoT devices, and intelligent hackers can easily read the transferring messages. Utilizing the classical cryptography algorithms on IoT leads to quick network failure due to high computation, storage, and communication overhead. Thus, it emphasizes the need for lightweight security scheme development. The MQTT exploits the SSL/TLS for enabling security during transfer. Moreover, few security schemes in symmetric and asymmetric methods have been used for MQTT in IoT, such as Advanced Encryption Standard (AES), Data Encryption Standard (DES), FBC, and ECC. The impact of those countermeasures on MQTT is varied under IoT scenarios in both complexities as well as security.