Abstract: In Three-party Password Authenticated Key Exchange（3PAKE） protocols，clients are allowed to share a password verifier with a trusted server.Then，two clients can communicate with each other through the trusted server to build and share the session key.According to the security analyses of Li et al.’s protocol，it suffers from the offline dictionary attack and server compromise attack.This paper proposes an improved protocol which can provide mutual authentication，secure session key and forward security.The improved protocol is also secure to several attacks，including offline dictionary attack and server leaked attack.