A remote user authentication system has become an important part of security, along with confidentiality and integrity, for systems such as the Internet that offer remote access over untrustworthy networks. In 2006, Liaw et al. proposed an efficient and complete remote user authentication scheme using smart cards that includes a session key being agreed and an updated password phase. However, the current paper demonstrates that Liaw et al.'s scheme is vulnerable to some attacks and then presents an improved scheme in order to isolate such security problems.