Recently, Shao et al. [M. Shao and Y. Chin, A privacy-preserving dynamic id-based remote user authentication scheme with access control for multi-server environment, IEICE Transactions on Information and Systems, vol.E95-D, no.1, pp.161–168, 2012] proposed a dynamic ID-based remote user authentication scheme with access control for multi-server environments. They claimed that their scheme could withstand various attacks and provide anonymity. However, in this letter, we will point out that Shao et al.'s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme is vulnerable to two kinds of attacks and cannot provide anonymity.

Recently, Lee et al. [Y. Lee, E. Kim, S. Seok, and M. Jung, A smartcard-based user authentication scheme to ensure the PFS in multi-server environments, IEICE Transactions on Communications, vol.E95-B, no.2, pp.619–622, 2012] proposed a smartcard-based user authentication scheme for multi-server environments. They claimed that their scheme could withstand various attacks and provide the perfect forward secrecy (PFS). However, in this letter, we will point out that their scheme is vulnerable to three kinds of attacks and cannot provide the PFS.