Smart factory, as an intelligent application of industrial internet of things (IIoT), significantly enhances the efficiency of industrial processes while also reducing resource waste. In a system where security is crucial, the user authentication mechanism is essentially designed to prevent a range of security issues, including production failures caused by illegal intrusions from hackers. To verify the user’s identity and ensure data be accessed with a secure session key, a large number of authentication protocols have been provided for IIoT. However, existing newly alternatives show deficiency either in terms of superior performance or robust security. To get a better balance of security and efficiency, this paper designs a robust and effective 3-factor user authentication protocol. Then this paper shows the detailed security analyses and automated verification by the Proverif tool, where the ProVerif tool used in this paper can detect whether the eCK adversary with stronger attack ability can break the protocol, while the general ProVerif can only detect threat of the Dolev–Yao adversary with weaker attack ability to the protocol security. Subsequently, this paper presents performance comparison which indicates that the proposed protocol can be superior to those newly alternatives. Especially, the comparison results show that the computation cost consumed in the proposed protocol can be reduced by 62.2% than the average cost of all six compared alternatives. Lastly, the evaluation results on the energy consumption and the network delay indicate the practicability of proposed protocol for smart factory.