The invention relates to a remote identity authentication method based on a password, a smart card and biometric features. The method comprises a registration step, a login step and an authentication step. A registration center generates a first parameter set and stores it on the smart card. The smart card locally verifies the legitimacy of the user's identity and, if the user is legitimate, generates first verification data related to random numbers and sends them to a server. The server verifies the legitimacy of the user's identity and, if the user is legitimate, generates second verification data, used for verifying the identity of the server, and sends them to the smart card. The smart card verifies the legitimacy of the server's identity and, if the server is legitimate, generates third verification data and sends them to the server. The server verifies the identity of the user a second time and, if the user is legitimate, the server and the smart card generate the same session key. The method resists server denial attacks, verification table theft attacks and replay attacks, and addresses the problem of forward secrecy.
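
The three-message flow described above, as an added sketch that is not the patent's own construction: the abstract gives no formulas, so the HMAC-SHA256 messages, the derivation of the user key from a server master key, and all names (`Server`, `card_unlock`, `login`) are assumptions. The biometric is treated as an exact byte string, and the sketch covers local verification, mutual authentication and replay rejection only, not forward secrecy.

```python
import hashlib, hmac, secrets

def H(*parts):
    h = hashlib.sha256()
    for p in parts:  # length-prefix each field so concatenations cannot collide
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def mac(key, *parts):
    return hmac.new(key, H(*parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self):
        self.master = secrets.token_bytes(32)
        self.seen = set()   # nonces already accepted, for replay rejection
        self.open = {}      # logins waiting for the third message
    def register(self, uid, pw, bio):
        # Assumed design: user key derived from the master key, so no verification table
        k, salt = H(self.master, uid), secrets.token_bytes(16)
        return {"uid": uid, "salt": salt, "masked": xor(k, H(salt, pw, bio)),
                "check": H(b"check", k)}
    def challenge(self, uid, r1, v1):
        k = H(self.master, uid)
        if r1 in self.seen or not hmac.compare_digest(v1, mac(k, b"1", uid, r1)):
            return None     # replayed or forged first verification data
        self.seen.add(r1)
        r2 = secrets.token_bytes(16)
        self.open[uid] = (k, r1, r2)
        return r2, mac(k, b"2", uid, r1, r2)
    def finish(self, uid, v3):
        k, r1, r2 = self.open.pop(uid)
        ok = hmac.compare_digest(v3, mac(k, b"3", uid, r1, r2))
        return H(b"session", k, r1, r2) if ok else None

def card_unlock(card, pw, bio):
    # Local check on the card: a wrong password or biometric unmasks a wrong key
    k = xor(card["masked"], H(card["salt"], pw, bio))
    return k if hmac.compare_digest(H(b"check", k), card["check"]) else None

def login(card, pw, bio, server):
    k = card_unlock(card, pw, bio)
    if k is None:
        return None
    uid, r1 = card["uid"], secrets.token_bytes(16)
    reply = server.challenge(uid, r1, mac(k, b"1", uid, r1))
    if reply is None or not hmac.compare_digest(reply[1], mac(k, b"2", uid, r1, reply[0])):
        return None         # server did not prove knowledge of the user key
    # Returns (card's session key, server's session key); they match on success
    return H(b"session", k, r1, reply[0]), server.finish(uid, mac(k, b"3", uid, r1, reply[0]))
```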