Broadcast authentication is an important security mechanism for resource constrained devices, like Wireless Sensor Networks (WSNs). In this paper we revise how broadcast authentication has been enforced in this context, and we show that most of the current implementations (generally based on lightweight hash chain implementing time limited validity of the authentication property) leave open the possibility of a dreadful attack. We detail such an attack, and propose three different protocols to cope with it: PASS, TASS, and PTASS. We further analyze the overhead introduced by these protocols in terms of set-up, transmission overhead, and on device verification.