A user friendly remote authentication scheme with smart cards against impersonation attacks

In 2000, Sun proposed an efficient remote user authentication scheme using smart cards without requiring a password table. However, the password of a user is an un-human lengthy password instead of a human memorized password, since it is determined by the system. Recently, Wu and Chieu proposed a user friendly remote authentication scheme with smart cards to achieve the user friendliness that users can freely choose and change their human memorized passwords. This article, however, will show that Wu and Chieu's scheme is vulnerable to two impersonation attacks. We further propose an improvement to withstand the impersonation attacks and achieve Wu and Chieu's claimed security requirements.