This paper investigates verifier-based password authenticated key exchange (PAKE) protocols in the three party setting. We first show that the protocol recently proposed by Li et al. is vulnerable to off-line dictionary attack and unknown key-share attack. Moreover, we also show that the direct elliptic curve (EC) analog of the DL based protocol proposed by Kwon et al. can’t resist the off-line password guessing attack. Thereafter we present an enhanced protocol that can be securely implemented over elliptic curves. And yet, our proposal is simple and efficient. Therefore, the protocol is quite popular in low resource environments. Finally, as a result of our work, we also hope to have contributed towards a better understanding that it is important to study the precise adaptation of DLbased password authenticated protocols since direct EC analogs of DL based protocols may be susceptible to some new attacks.