Recently, Awasthi et al. proposed a timestamp-based remote user authentication scheme. We point out that their scheme is vulnerable to smart card loss attack, offline password guessing attack and does not preserve anonymity of user. To overcome these flaws, we propose a new remote user authentication scheme. We also show that the proposed scheme not only solves the weaknesses which exist in Awasthi et al.'s scheme, but also can provide session key for the further communication.