This paper presents an entire chaos-based biometric remote user authentication scheme on tokens without using passwords. The proposed scheme is based on the chaotic hash function and chaotic pseudo-random number generator to provide secure mutual authentication over an insecure channel between the user and remote server. Compared with the related biometric authentication schemes, the proposed scheme does not require the user password to provide convenience to users. It also does not require time synchronization or delay-time limitations between the user and remote server to resolve time synchronization problems.