The recent past has experienced a steady increase in the adoption of Internet of Things (IoT) in a number of areas such as smart cities, smart homes, smart transportation and smart health. Due to the message exchanges among IoT devices over the public internet, the transmitted data is vulnerable to many security and privacy attacks. Therefore, many schemes have been presented over the recent past to address these challenges. However, many security holes still exist in most of the current techniques. It was also noted that the resource limited nature of most IoT devices renders traditional authentication schemes for main-powered systems with high processing power and large memory infeasible and inapplicable. To address this performance issue, numerous lightweight authentication schemes have been put forward. However, this paper discovered numerous security and privacy gaps in these schemes. Based on these shortcomings, recommendations are given towards the end of this paper which are very critical for security enhancements in this pervasive computing environment.