Recently Lu et al. proposed a modified anonymous two-factor authenticated key exchange protocol to eliminate the security weaknesses of Xie et al.'s scheme. They hence claimed that their scheme is immune to possible well-known attacks. However, we found that Lu et al.'s protocol is still insecure against the outsider attack, user impersonation attack, and off-line password guessing attack. To overcome these vulnerabilities, we propose an enhanced authentication with key-agreement protocol which is based on fuzzy extractor for mobile client-server environment. Furthermore, we demonstrate that the proposed authentication protocol has strong resistance to various well-known attacks. Finally, we compare the performance and functionality of the proposed scheme of the proposed scheme with other related schemes.