User authentication and privacy protection are important issues for wireless and mobile communication systems such as GSM, 3G, and 4G wireless networks. Recently, Yoon et al. proposed a user-friendly authentication scheme with anonymity for wireless communications. However, in this paper, we show that user anonymity of their scheme is not achieved under the eavesdropping attack and their scheme is not fair in the key agreement. In order to ensure security authentication and protect user anonymity for wireless communications, we propose a novel user authentication scheme with anonymity based on elliptic curve cryptosystem, which can resist various known types of attacks and is more practical for wireless and mobile communications. Copyright © 2012 John Wiley & Sons, Ltd.