diff --git a/src/MQTTBridge.cpp b/src/MQTTBridge.cpp
index 94573f8..9e7a4aa 100644
--- a/src/MQTTBridge.cpp
+++ b/src/MQTTBridge.cpp
@@ -46,10 +46,11 @@ void MQTTBridge::begin(const MQTTConfig& config, const uint8_t* self_pubkey) {
   if (_config.use_tls) {
     _wifi_client_secure.setInsecure();  // Skip cert verification
     _mqtt_client.setClient(_wifi_client_secure);
-    Serial.printf("[MQTT] TLS enabled\n");
+    Serial.println("[MQTT] TLS enabled");
+    Serial.println("[MQTT] WARNING: Certificate verification DISABLED - vulnerable to MITM attacks!");
   } else {
     _mqtt_client.setClient(_wifi_client);
-    Serial.printf("[MQTT] Plain TCP\n");
+    Serial.println("[MQTT] Plain TCP (no encryption)");
   }
 
   _mqtt_client.setServer(_config.broker, _config.port);
@@ -74,7 +75,7 @@ void MQTTBridge::loop() {
   if (!_network->isConnected()) {
     if (_state == MQTTState::CONNECTED) {
       _state = MQTTState::DISCONNECTED;
-      Serial.println("[MQTTS] WiFi lost, disconnected");
+      Serial.println("[MQTT] Network connection lost, disconnecting");
     }
     return;
   }
@@ -93,7 +94,7 @@ void MQTTBridge::loop() {
     case MQTTState::CONNECTED:
       if (!_mqtt_client.connected()) {
         _state = MQTTState::DISCONNECTED;
-        Serial.println("[MQTTS] Connection lost");
+        Serial.println("[MQTT] Connection lost");
         _last_connect_attempt = millis();
         // Don't reset backoff on connection loss - broker might be down
       } else {
@@ -129,7 +130,7 @@ void MQTTBridge::end() {
 
   _state = MQTTState::DISCONNECTED;
   _initialized = false;
-  Serial.println("[MQTTS] Stopped");
+  Serial.println("[MQTT] Stopped");
 }
 
 void MQTTBridge::attemptConnection() {
@@ -138,7 +139,7 @@ void MQTTBridge::attemptConnection() {
   _state = MQTTState::CONNECTING;
   _last_connect_attempt = millis();
 
-  Serial.printf("[MQTTS] Connecting to %s:%d (backoff=%lums)...\n",
+  Serial.printf("[MQTT] Connecting to %s:%d (backoff=%lums)...\n",
                 _config.broker, _config.port, _current_backoff_ms);
 
   String client_id = String(_config.client_id);
@@ -164,14 +165,17 @@ void MQTTBridge::attemptConnection() {
     _reconnect_count++;
     // Reset backoff on successful connection
     _current_backoff_ms = BACKOFF_MIN_MS;
-    Serial.println("[MQTTS] Connected!");
+    Serial.println("[MQTT] Connected!");
 
     subscribeToCommands();
     publishStatus();
     _last_status_publish = millis();
   } else {
     int rc = _mqtt_client.state();
-    Serial.printf("[MQTTS] Connection failed, rc=%d\n", rc);
+    const char* error_str = getMQTTErrorString(rc);
+    Serial.printf("[MQTT] Connection failed: %s (code %d)\n", error_str, rc);
+    Serial.printf("[MQTT] Broker: %s:%d, User: %s\n", _config.broker, _config.port,
+                  strlen(_config.user) > 0 ? _config.user : "(none)");
     _state = MQTTState::ERROR;
 
     // Exponential backoff: double the delay (up to max)
@@ -180,6 +184,23 @@ void MQTTBridge::attemptConnection() {
   }
 }
 
+const char* MQTTBridge::getMQTTErrorString(int rc) {
+  // PubSubClient state() return codes
+  switch (rc) {
+    case -4: return "Connection timeout";
+    case -3: return "Connection lost";
+    case -2: return "Connect failed (network)";
+    case -1: return "Disconnected cleanly";
+    case 0:  return "Connected";
+    case 1:  return "Bad protocol version";
+    case 2:  return "Client ID rejected";
+    case 3:  return "Server unavailable";
+    case 4:  return "Bad credentials (check username/password)";
+    case 5:  return "Not authorized";
+    default: return "Unknown error";
+  }
+}
+
 void MQTTBridge::setupTopics() {
   snprintf(_topic_status, sizeof(_topic_status),
            "%s/gateway/%s/status", _config.topic_prefix, _gateway_id);
@@ -199,7 +220,7 @@ void MQTTBridge::subscribeToCommands() {
   char topic[100];
   snprintf(topic, sizeof(topic), "%s#", _topic_cmd_prefix);
   _mqtt_client.subscribe(topic);
-  Serial.printf("[MQTTS] Subscribed to: %s\n", topic);
+  Serial.printf("[MQTT] Subscribed to: %s\n", topic);
 }
 
 void MQTTBridge::updateConfig(const MQTTConfig& config) {
@@ -344,7 +365,7 @@ void MQTTBridge::publishMessage(const char* topic, const char* payload, bool ret
   if (_mqtt_client.publish(topic, payload, retained)) {
     _messages_sent++;
   } else {
-    Serial.printf("[MQTTS] Publish failed to %s\n", topic);
+    Serial.printf("[MQTT] Publish failed to %s\n", topic);
   }
 }
 
@@ -391,10 +412,10 @@ void MQTTBridge::handleMessage(char* topic, uint8_t* payload, unsigned int lengt
 
   if (strncmp(topic, _topic_cmd_prefix, strlen(_topic_cmd_prefix)) == 0) {
     const char* cmd = topic + strlen(_topic_cmd_prefix);
-    Serial.printf("[MQTTS] Command received: %s\n", cmd);
+    Serial.printf("[MQTT] Command received: %s\n", cmd);
 
     if (strcmp(cmd, "reboot") == 0) {
-      Serial.println("[MQTTS] Reboot requested");
+      Serial.println("[MQTT] Reboot requested");
       publishStatus();
       delay(100);
       ESP.restart();
diff --git a/src/MQTTBridge.h b/src/MQTTBridge.h
index 725dac1..040e7e5 100644
--- a/src/MQTTBridge.h
+++ b/src/MQTTBridge.h
@@ -117,6 +117,9 @@ private:
   void publishMessage(const char* topic, const char* payload, bool retained = false);
   void publishJson(const char* topic, JsonDocument& doc, bool retained = false);
 
+  // Error code translation for better diagnostics
+  static const char* getMQTTErrorString(int rc);
+
   static uint32_t fnv1a_hash(const uint8_t* data, size_t len);
   bool isDuplicate(const uint8_t* data, size_t len);