Abstract: With the aid of a three-party password-authenticated key exchange (3PAKE) protocol, two users, each of whom shares a low-entropy password with a trusted server, can agree on a common session key securely. Since 3PAKE protocols dramatically reduce the burden of password management when the total number of users is very large, they have attracted much attention recently. However, most existing 3PAKE protocols are designed for the scenario in which a user's plain password is stored in the server's password file, so no protection remains once the password file is leaked. This study investigates the analysis and design of verifier-based 3PAKE protocols, where the server holds a verifier of the password rather than the plain password itself. First, it is shown that a recently proposed verifier-based 3PAKE protocol is not secure: it is vulnerable to an off-line dictionary attack. Then, to overcome the existing deficiencies, a new verifier-based 3PAKE protocol is proposed and its security is proved in the standard model. Comparisons show that the proposed scheme offers the advantage of security while also enjoying practical efficiency.
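As an added illustration of the verifier-based storage the abstract describes (not the paper's protocol and not code from the authors), the following Python sketch contrasts a server file holding plain passwords with one holding only verifiers, and shows that the verifier still suffices to check a client's proof. It assumes a Schnorr-style proof of knowledge of the password-derived exponent, toy demonstration parameters (p = 2^127 - 1, g = 3, not a production group), and hypothetical function names.

```python
import hashlib
import secrets

# Demonstration parameters (constructed for this example, not production-strength):
# P is the Mersenne prime 2^127 - 1, G = 3. Exponents are reduced modulo P - 1, so by
# Fermat's little theorem G^a * G^b == G^((a + b) mod (P - 1)) holds in Z_P^*.
P = (1 << 127) - 1
G = 3
Q = P - 1

def _h(*parts: bytes) -> int:
    """Hash-to-integer helper used both for the password exponent and the challenge."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % Q

def password_exponent(salt: bytes, password: str) -> int:
    """x = H(salt, pw): derived on the client each login, never stored by the server."""
    return _h(salt, password.encode())

def make_verifier(salt: bytes, password: str) -> int:
    """Verifier v = g^x: what a verifier-based server stores instead of the password."""
    return pow(G, password_exponent(salt, password), P)

def client_prove(salt: bytes, password: str, r: int) -> tuple[int, int]:
    """Client side: prove knowledge of x behind v without revealing x.
    r is the fresh random nonce (passed in so the example is reproducible)."""
    x = password_exponent(salt, password)
    commitment = pow(G, r, P)
    c = _h(commitment.to_bytes(16, "big"), salt)   # Fiat-Shamir style challenge
    s = (r + c * x) % Q
    return commitment, s

def server_verify(salt: bytes, verifier: int, commitment: int, s: int) -> bool:
    """Server side: needs only the stored verifier, never the password or x."""
    c = _h(commitment.to_bytes(16, "big"), salt)
    return pow(G, s, P) == (commitment * pow(verifier, c, P)) % P

def enroll(users: dict[str, str]) -> dict[str, tuple[bytes, int]]:
    """Build the server-side file: (salt, verifier) per user; plain passwords are dropped."""
    pwfile = {}
    for user, pw in users.items():
        salt = secrets.token_bytes(16)
        pwfile[user] = (salt, make_verifier(salt, pw))
    return pwfile

def authenticate(pwfile: dict, user: str, password: str, r: int) -> bool:
    """Run both sides of one login against the verifier file."""
    if user not in pwfile:
        return False
    salt, verifier = pwfile[user]
    commitment, s = client_prove(salt, password, r)
    return server_verify(salt, verifier, commitment, s)
```

A leaked verifier file exposes g^x per user rather than the password, which is exactly the difference between the plain-password scenario and the verifier-based one the abstract contrasts.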