Wireless sensor networks (WSNs) are getting popular for their deployment in unattended environments, where a registered user can log in to the network and access data collected from the desired sensor. Because of limited resources and computation power in sensor nodes, an authentication protocol should be simple and efficient. M.L. Das proposed a two-factor authentication scheme for WSNs. Because his scheme uses only one-way hash function and XOR operation, it is well suited for resource-constrained environments. Because of some flaws in Das's scheme, several improved schemes have been introduced. In this paper, we show that Das's scheme and its derivatives not only have security imperfections but also do not provide key agreement. To overcome their security shortcomings, we propose a novel user authentication scheme with key agreement for WSN. We furnish security analysis of the proposed protocol to show its robustness to various attacks as well as analyze its performance to determine its efficiency. We provide protocol analysis and verification of the proposed protocol. Compared with the existing schemes, it is more robust and offers better security. Copyright © 2012 John Wiley & Sons, Ltd.