Summary Due to fast development of wireless technology, wireless sensor networks (WSNs) are used in many applications such environmental monitoring, health monitoring, and area monitoring. To protect WSNs from various security threats, many user authentication protocols have been proposed. Recently, Gope and Hwang have discussed an authentication protocol for WSNs. Here, we show that their scheme is not resistant to stolen verifier, user impersonation, smart card loss, and insider attacks. Also, it does not maintain secrecy of session key and anonymity of sensor node. Then we devise an efficient user authentication protocol using physically unclonable function (PUF) for WSNs to overcome the limitations of their scheme. We present our protocol's informal security analysis to show that is resistant to various known attacks. Formal security verification and analysis of the proposed protocol are done using ProVerif tool and widely accepted Real‐Or‐Random (ROR) model, respectively. In the performance analysis, we show that our protocol offers more security features than the others related schemes.