Password authentication is the most important and convenient protocol for verifying users to get the system's resources. Lin et al. had proposed an optimal strongpassword authentication protocol (OSPA) which is a onetime password method. It can protect against the replaying attacks, impersonation attacks, and denial of service attacks. However, the authors shall show that the OSPA protocol is vulnerable to the guessing attacks in this paper.