In this paper, we propose a password-authenticated key exchange protocol for WLANs (Wireless LANs). We call the proposed protocol the improved EAP-SPEKE (Extensible Authentication Protocol-Simple Password Encrypted Key Exchange). The improved EAP-SPEKE protocol supports mutual authentication and key derivation. The proposed protocol does not require any modification to IEEE 802.1X or EAP. Before the protocol begins, the server and client each compute one modular exponentiation. Once the protocol begins, the server and client need to compute another exponentiation for mutual authentication. In contrast, EAP-SRP needs to compute two modular exponentiations during the protocol. The client and server authenticate each other with three message exchanges. Therefore, the number of exchanged messages decreases by one compared with EAP-SRP. In addition, the improved EAP-SPEKE protocol works on the ECC (Elliptic Curve Cryptosystems) base as well as the DH (Diffie-Hellman) base.
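The exponentiation and message counts described above can be seen in a minimal sketch of textbook SPEKE over a DH group. This is an added example, not the paper's protocol or code: the improved EAP-SPEKE message formats are not given here, so the `Party` class, the `run` function, the HMAC confirmation tags and the choice of the 768-bit RFC 2409 group (too small for deployment) are all assumptions.

```python
import hashlib, hmac, secrets

# 768-bit safe prime of RFC 2409 Oakley Group 1. Used for brevity only.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
NBYTES = (P.bit_length() + 7) // 8

def to_bytes(n: int) -> bytes:
    return n.to_bytes(NBYTES, "big")

class Party:
    def __init__(self, password: bytes):
        # SPEKE base g = H(password)^2 mod p; squaring lands in the order-q subgroup.
        g = pow(int.from_bytes(hashlib.sha256(password).digest(), "big"), 2, P)
        self.x = secrets.randbelow(P - 3) + 2      # secret exponent in [2, p-2]
        self.pub = pow(g, self.x, P)               # exponentiation 1: before the protocol
        self.exps = 1                              # counts secret-exponent exponentiations

    def derive(self, peer_pub: int) -> None:
        # Reject 0, 1 and p-1, which would force a predictable shared secret.
        if not 2 <= peer_pub <= P - 2:
            raise ValueError("degenerate public value")
        shared = pow(peer_pub, self.x, P)          # exponentiation 2: during the protocol
        self.key = hashlib.sha256(to_bytes(shared)).digest()
        self.exps += 1

    def tag(self, label: bytes, a: int, b: int) -> bytes:
        # Key confirmation bound to the role and to both public values.
        return hmac.new(self.key, label + to_bytes(a) + to_bytes(b), hashlib.sha256).digest()

def run(client_pw: bytes, server_pw: bytes):
    """Return (mutually_authenticated, messages_sent, client_exps, server_exps)."""
    client, server = Party(client_pw), Party(server_pw)
    sent = 0
    A = client.pub; sent += 1                      # message 1, C->S: A
    server.derive(A)
    B, tag_s = server.pub, server.tag(b"server", A, server.pub); sent += 1  # message 2, S->C
    client.derive(B)
    if not hmac.compare_digest(tag_s, client.tag(b"server", A, B)):
        return False, sent, client.exps, server.exps   # client aborts: server unproven
    tag_c = client.tag(b"client", A, B); sent += 1     # message 3, C->S: tag_C
    ok = hmac.compare_digest(tag_c, server.tag(b"client", A, B))
    return ok, sent, client.exps, server.exps

if __name__ == "__main__":
    print(run(b"correct horse", b"correct horse"))  # constructed sample passwords
    print(run(b"correct horse", b"wrong guess"))
```

A mismatched password makes the two sides derive different keys, so the client rejects the server's tag at the second message and never sends its own.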