A password authentication scheme based on El Gamal's (1985) public key cryptosystem and signature scheme is proposed. This scheme permits each user to choose passwords and identities individually. The password is used as the user's secret key. Using the users public key and identity, the computer system can generate a set of test patterns and store them in a verification table. In the test pattern generation procedure, users do not need to submit their secret key. In the authentication procedure, the system does not need to use the system's secret key. Thus the system's secret key and users' secret key can be well protected.<>