In the paper, the authors have investigated four authentication protocols. In Bindu et al scheme an insider can employ his own secrecy in the smart card issued from the server to successfully impersonate another user by getting the victim?s smart card. In both Goriparthi et al.?s and Wang et al.?s schemes, their password change phases are easily subjected to a DOS attack, because no proper mechanism to verify user ?s input password. Finally, in Holbl et al. scheme, any legal user can extract KGC?s private key.