For easy leak, replay attacks, the burden of overweight and other issues in password-based user authentication schemes for electronic commerce, this paper proposes a user authentication scheme based on message authentication code to solve these problems. This algorithm has countable and time-bound features, does not require any password or verification table, it is under firm security. This algorithm has a lower computational overhead on client, can be used in mobile environment with limited computing capability.