In 2014, Yang et al. proposed a new dynamic ID-based user authentication scheme based on smart card which is believed to have many abilities to resist a range of network attacks. However, this paper analyzes the security of Yang et al.'s scheme and then shows that the scheme not only is still vulnerable to off-line password guessing attack, but also does not provide the unlinkability property and user anonymity because of the identity guessing attack unlike their claims.