Abstract: Recently, Wu and Chieu proposed a user-friendly remote authentication scheme with smart card. In their scheme, the users can choose and change their passwords freely. However, their scheme is insecure. In this paper, we propose two attacks on their scheme.