Abstract: Attack, a method of resisting server compromise attack is given and a new password-based authenticated key agreement protocol is proposed. In this protocol, one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. The analysis of this new protocol shows that the protocol is secure against server compromise attack, dictionary attack,and the Denning-Sacco attack, and provides the property of the perfect forward secrecy.