The Internet of Things adapted by the industries, known as Industrial Internet of Things (IIoT), increases the production rate by reducing the risk factor. The wireless devices deployed in the open places are always susceptible to various attacks including cloning and physical attacks. Thus security of IIoT devices becomes the primary concern of these days. The resource constraint IIoT devices demand light weight security schemes to authenticate communicating devices and protect the privacy of industrial data. In this article, an authentication scheme with low computation and communication cost has been proposed using multiple factors, namely smart card, password, physical unclonable function (PUF), and fuzzy extractor. PUF helps in preventing the cloning of smart card and generates unique challenge‐response pairs to authenticate the smart devices. The environmental noise, produced by the operation of PUF, is extracted by the use of fuzzy extractor. Real‐or‐Random (ROR) model and Burrows‐Abadi‐Needham (BAN) logic has been used for formal security analysis of the proposed scheme, which is resilience against replay attack, man‐in‐the‐middle attack, masquerading, forgery and impersonation attacks, camouflage attack and offline password guessing attack. The performance evaluation has been done using Raspberry Pi, lunchbox, and a laptop. The simulation results show that the proposed scheme outperforms the existing methodologies in terms of end‐to‐end delay, throughput, packet loss, computation cost, and communication cost.