Password authentication protocols are widely used mechanisms to authenticate identities in networks. In 2006, Yoon et al. proposed a secure password authentication protocol in wireless networks that fixed the drawback of Ma et al.’s protocol. In this article we show that the Yoon et al.’s protocol is still vulnerable to the off-line password guessing attack. We propose an improvement to solve the problem. The improvement protocol is secure while the computation cost is the same with Yoon et al.’s protocol.