The Internet and mobile communication systems are being developed, and related applications for managing personal information require user authentication for confirming legitimate users. One-time password authentication methods secure user's authorities by changing the verifier every time. The S/Key is a famous one-time password authentication scheme, which is based on Lamport's scheme. T.-C. Yeh et al. have point out security problems of the S/Key scheme and have proposed a variant of the S/Key scheme, which can be applied to smart cards. However, this method risks certain attacks, too. Those two proposed schemes use counter value, which can easily be modified by an attacker. Herein we discuss security problems of the S/Key and Yeh-Shen-Hwang's password authentication schemes using forgery attacks and stolen-verifier attacks.