This document analyzes and summarizes the cryptanalysis of a recent two-factor authentication scheme proposed by Wang and Ma. The analysis points out some issues with the scheme. Specifically, while the scheme claims passwords are not stored on the server, identities are stored in a table on the server without cryptographic protection. The analysis also shows that an adversary could break the scheme by determining a user's identity from their compromised smart card, even though the paper does not explicitly give the adversary this capability. Through capturing a smart card, determining the user's identity, and running an offline password guessing attack, the entire scheme can be compromised if either factor is obtained.