Recently, Hwang and Li proposed a remote user authentication scheme that does not require a password table to verify the legitimacy of a legal user. This method uses smart cards. To benefit from this advantage, other research works have explored adding such features as reducing the computational cost, adopting user-friendly passwords, making it easier to change user passwords, etc. However, as cryptanalysis has evolved, a series of modifications that improve the known security flaws have been made subsequently. This article deals with a security problem found in a latest modification and improves it in order to construct a more secure function. The article also highlights a feature, mutual authentication between a server and users, found in many authentication protocols but seldom found in the considered series of modifications.