Skip to Main Content
J.K. Lee et al. proposed an improved password authentication scheme without using a password table by employing a fingerprint verification mechanism in the user's smartcard and two servers' secret keys (see Electron. Lett., vol.38, no.12, p.554-5, 2002). It is shown that their scheme is vulnerable to a simple and effective forgery attack. In addition, it is demonstrated that their scheme is not easily repairable.