Owing to the rapid development of the Internet, users can complete various kinds of transactions over the network. How to confirm a user's identity and access rights for a remote server is therefore an important issue. This paper proposes a secure password-based authentication scheme that satisfies several security properties, including user friendliness, mutual authentication, and lower computation and communication cost. In addition, the scheme produces a session key during the authentication process to ensure privacy and integrity, and it resolves the problem of the unreasonable assumption of a secure channel.