# Login Authentication

The login authentication feature in EMQX Edge allows MQTT clients to authenticate using. This mechanism complies with the username/password authentication specification defined in the MQTT protocol. You can refer to [5.4.1 Authentication of Clients by the Server](http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Security), which outlines a method for the MQTT broker to authenticate clients. This method is used here for login verification.

## Configuration Items

| Name       | Type   | Description |
| ---------- | ------ | ----------- |
| `username` | String | Username    |
| `password` | String | Password    |

Write the username and password in the format below and save it to the `nanomq_pwd.conf` file. 

```bash
username:password
```

**Example**

```bash
# # Write "username":"password" in this way.
admin: public
client: public
```

::: tip 

Username MUST be a UTF-8 encoded string as defined by the MQTT Standard.
EMQX Edge provides a built-in method to encrypt passwords to avoid storing credentials in plain text. This requires additional tooling. Please [contact us](https://www.emqx.com/en/contact) for guidance on enabling password encryption.

:::

In this configuration, there are two users, `admin` and `client`, both with the password `public`. So user `admin` and `client` are allowed to work with EMQX Edge when `allow_anonymous` is `false` unless explicitly denied by the system.  

To activate the password file, include it in `nanomq.conf`, as described in the [Access Control Introduction](introduction.md).

**Example:**

```bash
password = {include "/etc/nanomq_pwd.conf"}
```