We propose a user authentication scheme with user anonymity for wireless communications. Previous works have some weaknesses such as (1) user identity can be revealed from the login message, and (2) after a smart card is no longer valid or is expired, users having the expired smart cards can generate valid login messages under the assumption that the server does not maintain the user information. In this letter, we propose a new user authentication scheme for providing user anonymity. In the proposed scheme, the server is capable of detecting forged login messages by users having only expired smart cards and their passwords without storing user information on the server.