Nowadays, wireless sensor networks (WSNs) are essential for monitoring and data collection in many industrial environments. Industrial environments are usually huge, and the distances between the devices located in them can be vast; in this case, the Industrial Internet of Things (IIoT) leads to greater productivity and efficiency of industries. Furthermore, the sensor devices in IIoT have limited memory and constrained processing power, and using gateway nodes is inevitable to cover these vast areas and manage communications between industrial sensors. Security threats such as compromised devices, denial of service, and leakage of confidential information can incur hefty expenses and cause irreparable damage to industrial systems. Hence, in the IIoT hierarchical architecture, anonymous and mutual authentication between users, gateway nodes, and sensor nodes is essential to protect users and the system’s security and privacy. In this article, we propose a lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT (LAPTAS). In LAPTAS, registered users can use their security smartcard to communicate with sensors and access their data. Moreover, the proposed scheme supports dynamic sensor node registration, password and biometric change, and a revocation phase. Additionally, we evaluate and verify our scheme’s security formally using the Real-or-Random model and informally with the automatic cryptographic Protocol Verifier tool (ProVerif). Finally, our scheme is simulated with the OPNET network simulator and compared with other similar schemes to ensure that LAPTAS meets all security and performance requirements.