Abstract: Recently, Yoon et al. proposed an improved scheme to solve the problems of replay attack and denial of service attack in the Lin et al.’s OSPA scheme. Their scheme can simply update user password, provides mutual authentication between the user and remote server and has more efficient performance by reducing the number of hash operations. In this study, an improved scheme is shown to be vulnerable to the insider attack and smart card loss problem and propose an enhancement of the protocol to solve these problems.