Recently, Yeh, Shen and Hwang proposed an one-time password authentication scheme, which enhances the S/KEY scheme to resist server spoofing attacks, preplay attacks and off-line dictionary attacks. In this letter, the weaknesses and inconveniences of their scheme are demonstrated.