Most computers are linked together such that facilities can be shared through the connection of networks. However, resources provided by remote servers over the Internet are not free for all users. If someone wants to access facilities from certain remote server, he/she has to pay for the access request. On the other hand, providers of the facilities have to make their resources accessible under appropriate protection. The combination of password authentication scheme and key agreement mechanism is a practical solution for validating remote users and providing secure communications between a remote system and login users.

Without loss of generality, users who want to access a remote server must pass several examinations in the process of authentication. Only after users are authorized by the remote system, they can have the access right to resources provided by the remote server and share a session key with the remote system to ensure the following communications; otherwise, the remote system can reject their access requests. Researchers have proposed lots of password authentication schemes to improve the authentication efficiency and security, so that password authentication has become a popular research topic recently. Employing a time-bounded mechanism, this article describes a novel version which not only achieves the requirements of general password authentication schemes but also allows the remote system to effectively conduct the valid access phase of each legitimate user.