Abstract: To solve security defects generally lain in many existing protocols, such as offline dictionary attack, lack of anonymity and no forward security, based on the latest security model, this paper adds KSSTI attack and registered legitimate user attack into the security model evaluation standard to form an enhanced security model. Based on this enhanced security model, a multi-factor security enhanced authentication protocol for wireless sensor networks is proposed, which realizes the secure session key negotiation among users and sensor nodes through the gateway. The results of BAN logic and heuristic analysis show that the protocol realizes two-way authentication and meets the important security attributes of anonymity, forward security, resistance to internal attacks, resistance to KSSTI attacks and so on. Compared with the existing protocols, this protocol has higher security level and moderate amount of computation and communication. It is suitable for the application scenarios with high security level requirements and limited computing resources of sensor nodes.