Many　password　authentication　schemes　have　been　proposed　for　electronic　commerce　environment;　however,　none　of　them　is　secure　enough.　Hwang　and　Yeh　proposed　an　improvement　on　the　Peyravian-Zunic　password　authentication　scheme　including　protected　password　transmission　and　password　change.　We　demonstrate　that　the　Hwang-Yeh　scheme　is　also　vulnerable　to　several　kinds　of　attacks　though　the　scheme　has　repaired　some　security　problems　of　the　Peyravianis-Zunic　scheme.　Furthermore,　we　propose　an　improved　scheme　to　enhance　security　of　their　scheme　in　the　paper.　Based　on　collision-resistant　hash　function,　the　proposal　employs　techniques　of　salting,　time　stamp　and　trusted　computing　to　be　free　from　worries　of　possible　common　attacks,　such　as　replay　attack,　guessing　attack,　stolen-verifier　attack,　denial　of　service　attack,　impersonation　attack,　and　server　spoofing　attack.　According　to　security　analysis　over　insecure　networks,　the　proposed　scheme　is　the　most　secure　scheme　among　the　Peyravian-Zunic　scheme,　the　Hwang-Yeh　scheme,　the　Peyravian-Jeffries　scheme,　and　the　Wang-Zhang　scheme.