5. Security

5.1. User account

The preconfigured image is not secure by default and at minimum the password for the pi user should be changed!

The Mosquitto broker may be configured to require a username and password, which may then be set in aq.toml.

Should MQTT not be required at all, Mosquitto could be disabled from starting or uninstalled.

The WebSocket API used by the display does not implement any sort of security.