Password-authenticated group key exchange (PAGKE) allows group users to share a session key using a human-memorable password only. The fundamental security goal of PAGKE is security against dictionary attacks. Several solutions have been proposed to solve this problem while most ones require rounds linearly increasing in the number of group users, so they are neither scalable nor practical. Recently a provably-secure constant-round PAGKE protocol overcoming this short- coming is proposed at PKC '06. However current PAGKE protocols have been proven secure in the ideal model. The ideal model assumes that some functions are "ideal" functions (or random functions). In the ideal cipher model, we assume a block cipher is an ideal cipher and in the ideal hash model (also the so-called the random oracle model), we assume a hash function is an ideal hash function. However it is well-known that a provably-secure scheme in the ideal model may be insecure if the ideal functions are implemented by the real functions. In this paper we propose the first provably-secure PAGKE protocol in the standard model. Our protocol is a two-round protocol and the security of the protocol is reduced to the Decisional Diffie-Hellman (DDH) problem.