
An Improved Scheme of CHAP

ZHAO Ming-wei, YU Xiao-chen, XU Xi-rong, JIANG Rong-an

  • About author: Faculty of Electronic Information and Electrical Engineering, Dalian University of Technology, Dalian, Liaoning 116023

Abstract: With the popularization of computer technology and the rapid development of the Internet, computer networks have penetrated all aspects of social life. However, the global and open nature of the network environment makes it complex and uncertain, and exposes it to a variety of attacks and forgery. How to ensure computer network security has therefore become a problem that every country focuses on. Identity authentication is an indispensable part of building secure network information systems, and is the basis of information security. Currently, digital signature authentication and password authentication are the common identity authentication methods. Certificate-based digital signatures provide high security, but correspondingly require a complete certificate-based system. As one of the earliest authentication technologies, password-based identity authentication has been widely developed and applied because of its simplicity and practicality, and has become one of the most important branches of network security. Dynamic password technology came into existence to replace traditional static password authentication, which has obvious security weaknesses. It is a method of authentication in which the password changes randomly every time. To improve the safety of the login process, uncertain factors are added to the password so that the information transferred during each authentication is different. In light of the security vulnerabilities of static password authentication, and based on a thorough analysis of the advantages and disadvantages of the traditional CHAP dynamic password authentication scheme and a series of derivative schemes, this paper presents an improved CHAP dynamic password mutual authentication protocol, which combines a secure hash function with the exclusive-OR operation and also introduces interference factor protection.
This scheme is divided into three stages: user registration, login authentication and password change. Mutual authentication between server and client is achieved using only a three-way handshake. Compared with other typical improved CHAP schemes, this scheme not only achieves mutual authentication between server and client in a network environment, but also has the advantages of high safety, strong practicability and low cost, among others. Performance and security testing proves that the scheme can effectively resist most traditional network attacks and can be used as an identity authentication protocol over most insecure network channels, particularly for small and medium-sized e-commerce websites, because of its small communication volume and high flexibility.