Traditional password-based user authentication protocols authenticate the legitimacy of the user by checking his valid password and identity. However, the password is either a long meaningless string, which is difficult for user to memorize, or a short easily-memorized password, which is easily suffered from password guessing attacks. Some user authentication protocols with three factors are recently proposed to achieve higher security and better user friendliness. Legitimacy of the user is authenticated by a smart card, user's biometric characteristics, and a password. We proposed a new user authentication protocol with three factors for multi-server environments based on protocol of Fan et al. which is designed for single server. It allows the user to register and login several servers by memorizing only one password. This protocol is secure against some potential attacks and impersonation attack plotted by any malicious server manager.