Since the publication of Hwang-Li's password-based remote user authentication scheme with smart cards, a number of password-based authentication schemes with smart cards have been proposed to meet a variety of desirable security and performance requirements. In this paper, security flaws in three password-based remote user authentication schemes with smart cards are pointed out. These results demonstrate that no more password-based authentication schemes with smart cards should be constructed with such ad-hoc methods, i.e., the formal design methodology with provable security approach should be employed in future design.