Skip to Main Content
Password authentication has been adopted as one of the most commonly used solutions in a network environment to protect resources from unauthorized access. Recently, Shieh et al. and Yoon et al. respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme which is immune to the presented attacks.