This paper delves into the critical security and privacy challenges associated with the integration of Multi-Server architecture with IoT devices to enhance authentication solutions. Our focus revolves around the examination of protocols proposed by Kumar and Om [1] and Haq et al. [3]. Through an in-depth cryptanalysis of these schemes, we uncover vulnerabilities and limitations, elucidating their susceptibility to various security failures. Kumar and Om’s scheme is revealed to be susceptible to issues such as incorrect login features, vulnerability to traceability attacks, and a lack of forward secrecy, along with the potential leakage of temporary information. In the case of Haq et al.’s scheme, identified weaknesses include compromises in user privacy and susceptibility to key compromise impersonation attacks. The paper underscores the paramount importance of mutual authentication between users and application servers, coupled with the negotiation of session keys to thwart key compromise impersonation attacks. In light of these findings, the paper advocates for the development of a novel, efficient, and secure multi-server authenticated key agreement scheme. Such a scheme should not only address existing security concerns but also be adaptable to diverse environments, including multi-application server scenarios and practical applications such as the Internet of Things, medical IoT, and smart homes.