In this paper, we first give a new set of design goals for anonymous two-factor authentication scheme. The new set is a refinement of some previously proposed requirement sets; it not only eliminates the redundancies, conflicts and ambiguities of the old ones, but also provides more desired security properties. Then we demonstrate that both of Sun et al.'s scheme and Li et al.'s scheme fail to satisfy all the security goals we propose. Specifically, we point out that Sun et al.'s scheme still suffers from the smart card loss problem and fails to provide user untraceability. Li et al.'s scheme is vulnerable to desynchronization attack. In order to remedy these defects in their schemes, we propose a robust two-factor authentication and key agreement scheme with user privacy preservation achieving all the goals we present. Compared with the previous schemes, our scheme not only provides more security guarantees, but also is still efficient both in computation and communication cost.