Remote user authentication is important to identify whether communicating parties are genuine and trustworthy using the password and the smart card between a login user and a remote server. Recently, we find that Kim et al.’s password-based authentication scheme  assume that the attacker cannot extract the secret information of the smart card. However, in reality, the authors in [2,8] show that the secrets stored in the card can be extracted by monitoring its power consumption. Therefore, Kim et al.’s scheme fail to resist smart card security breach. As the main contribution of this paper, a robust remote user authentication scheme against smart card security breach is presented, while keeping the merits of the well-known smart card based authentication schemes.