diff --git a/routes/session.py b/routes/session.py
index eb6e748..4c5c5ce 100644
--- a/routes/session.py
+++ b/routes/session.py
@@ -1,7 +1,7 @@
 # 导入库
 from typing import Annotated
 from datetime import datetime, timedelta, timezone
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, HTTPException
 from fastapi.security import OAuth2PasswordRequestForm
 from fastapi import APIRouter
 import jwt, JWT
diff --git a/tool.py b/tool.py
index b7b9320..4d14d04 100644
--- a/tool.py
+++ b/tool.py
@@ -3,6 +3,7 @@ import binascii
 import logging
 from datetime import datetime, timezone
 import os
+import secrets
 
 def format_phone(
 phone: str,
@@ -96,7 +97,7 @@ def verify_password(
 pwdhash = binascii.hexlify(pwdhash).decode('ascii')
 if debug:
 logging.info(f"原密码: {provided_password}, 哈希值: {pwdhash}, 存储哈希值: {stored_password}")
- return pwdhash == stored_password
+ return secrets.compare_digest(pwdhash, stored_password)
 
 def format_time_diff(
 target_time: datetime | str
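Review bot: `secrets.compare_digest` raises `TypeError` when either argument is not a `str` or contains non-ASCII characters, so on the new return line in `verify_password` a `stored_password` that is `None`, `bytes` or a malformed record would turn a failed check into an exception where `==` simply returned `False`. Where `stored_password` comes from is outside this hunk, so if that can happen I would guard it before the comparison, e.g. `if not isinstance(stored_password, str) or not stored_password.isascii(): return False`. Separately, the `logging.info` call just above still writes `provided_password` in plaintext together with both hashes whenever `debug` is set, which exposes far more than the timing difference this change closes; I would drop the password and hashes from that message and log only the outcome. The body of `verify_password` starts outside the hunk, so the hashing parameters and the origin of `debug` cannot be checked from here.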