Recently, Khan et al. proposed an enhancement of a remote authentication scheme designed by Wang et al., which emphasizes on using dynamic identity. They claimed that their improvement could avoid insider attacks. However, we found that the scheme lacks the anonymity property. Further, Madhusudhan et al. indicated that their scheme also suffers the insider attack. More recently, in 2013, there have been several studies on this field. Nevertheless, only Ding et al.’sscheme has the anonymity property, but it uses an unchanged RSA value whenever the same user logs in. This makes their scheme computationally intensive and traceable for a specific user, thus violating the eighth requirement in Liao et al.’sproposal. Inspired by this observation, in this paper, we propose a novel scheme that can anonymously authenticate a remote user with only two passes of very efficient hash and x-or operations. Moreover, this scheme satisfies all ten requirements (proposed by Liao et al.) of an authentication scheme using card.