Many remote user authentication schemes have been designed and developed to establish secure and authorized communication between the users and the sever over an insecure channel. By employing a secure remote user authentication scheme, the users and the server can authenticate each other and utilize advanced services. In 2012, Hsieh and Leu proposed a remote user authentication scheme. However, we review and analyze Hsieh and Leu's scheme and find that their scheme can't provide user anonymity and is vulnerable to slow wrong password detection, masquerading attack and password guessing attack. In order to solve these drawbacks, we propose a security-improved authentication scheme which can resist all attacks above. Finally, security formal analysis of the proposed scheme using Burrows-Abadi-Needham logic (BAN-logic) is given, which indicates that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.