International Journal of Network Security
Smart cards have been applied on password authentication in recent years. A user can input their identity and password to require services from the remote server. There are various attacks through an insecure network to obtain a user's information. Therefore, many schemes are proposed to guarantee secure communication. However, a lot of schemes are not secure. Recently, they proposed an improved password authentication using a smart card for multi-server environments. In this paper, the authors show the weakness of their scheme and the researcher's scheme cannot resist a password guessing attack.