In 2000, Peyravian and Zunic proposed a simple and efficient password authentication scheme based on a collision-resistant hash function. Later, Hwang and Yeh indicated that Peyravian and Zunic’s scheme is insecure and proposed an improvement that uses the server’s public key. Nevertheless, in practice, services that do not use public keys are quite often superior to PKIs. At the same time, Lee, Li and Hwang indicated that Peyravian and Zunic’s scheme suffers from off-line password-guessing attacks and presented an improved version. However, Lee-Li-Hwang’s proposed scheme is still vulnerable to the same attacks, as well as to denial-of-service attacks. Therefore, this article presents a secure and efficient improvement.