diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 8cbc503f7..23240fa75 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -38,6 +38,8 @@ class AccountsController < ApplicationController
 return normal_status(-2, "验证码已失效") if !verifi_code&.effective?
 end
+ return normal_status(-1, "8~16位密码,支持字母数字和符号") unless params[:password] =~ CustomRegexp::PASSWORD
+
 code = generate_identifier User, 8, pre
 login = pre + code
 @user = User.new(admin: false, login: login, mail: email, phone: phone, type: "User")
@@ -114,6 +116,7 @@ class AccountsController < ApplicationController
 end
 return normal_status(-2, "验证码不正确") if verifi_code.try(:code) != code.strip
 return normal_status(-2, "验证码已失效") if !verifi_code&.effective?
+ return normal_status(-1, "8~16位密码,支持字母数字和符号") unless params[:new_password] =~ CustomRegexp::PASSWORD
 user.password, user.password_confirmation = params[:new_password], params[:new_password_confirmation]
 ActiveRecord::Base.transaction do
diff --git a/app/libs/custom_regexp.rb b/app/libs/custom_regexp.rb
index dd2ebb0b8..2980f2ed2 100644
--- a/app/libs/custom_regexp.rb
+++ b/app/libs/custom_regexp.rb
@@ -3,5 +3,5 @@ module CustomRegexp
 EMAIL = /\A[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+\z/
 LASTNAME = /\A[a-zA-Z0-9\u4e00-\u9fa5]+\z/
 NICKNAME = /\A[\u4e00-\u9fa5_a-zA-Z0-9]+\z/
- PASSWORD = /\A[a-z_A-Z0-9-\.!@#\$%\\\^&\*\)\(\+=\{\}\[\]\/",'<>~\·`\?:;|]{8,16}\z/
+ PASSWORD = /\A[a-z_A-Z0-9\-\.!@#\$%\\\^&\*\)\(\+=\{\}\[\]\/",'_<>~\·`\?:;|]{8,16}\z/
 end
\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index 388959aca..eb3ece0a4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
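Review bot: The password format is now enforced only by this guard on `params[:password]` and the matching guard in the second hunk of this file, because the same commit deletes `validates_format_of :password` from `app/models/user.rb`. Any other code path that assigns `user.password` (none is visible in this diff, so this needs checking) would save a password that was never tested against `CustomRegexp::PASSWORD`. Keeping a model-level rule that reads the shared constant, for example `validates_format_of :password, with: CustomRegexp::PASSWORD, allow_nil: true, message: "8~16位密码,支持字母数字和符号"`, leaves the controller guard as an early exit without making it the single point of enforcement. The enclosing action starts and ends outside the hunk.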
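Review bot: `params[:new_password] =~ CustomRegexp::PASSWORD` assumes the parameter is a String. A request that sends it as an array or nested hash calls `=~` on a non-String object, which depending on the Ruby version returns nil or raises NoMethodError, so the caller may get a server error instead of the -1 status. The same applies to `params[:password]` in the first hunk of this file. An explicit type check makes the rejection deterministic: `unless params[:new_password].is_a?(String) && params[:new_password].match?(CustomRegexp::PASSWORD)`. The method body continues outside the hunk.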
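Review bot: The `{8,16}` quantifier in `PASSWORD` caps passwords at 16 characters and the character class admits no space, which rejects passphrases and many password-manager outputs; NIST SP 800-63B recommends accepting at least 64 characters. Since this commit makes the constant the only definition of the policy, this is the place to raise the bound, for example `{8,64}`, with the user-facing message in `accounts_controller.rb` updated to match. The newly added `_` duplicates the one already present in `a-z_A-Z` and can be dropped.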
@@ -23,8 +23,6 @@ class User < ApplicationRecord
 # 身份证
 VALID_NUMBER_REGEX = /(^[1-9]\d{5}(18|19|20|(3\d))\d{2}((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx]$)|(^([A-Z]\d{6,10}(\(\w{1}\))?)$)/
- VALID_PASSWORD_REGEX = /\A[a-z_A-Z0-9-\.!@#\$%\\\^&\*\)\(\+=\{\}\[\]\/",'<>~\·`\?:;|]{8,16}\z/
-
 LOGIN_LENGTH_LIMIT = 30
 MAIL_LENGTH_LMIT = 60
@@ -183,7 +181,6 @@ class User < ApplicationRecord
 #validates_format_of :ID_number, with: VALID_NUMBER_REGEX, multiline: true, message: "身份证号格式不对"
 # validates :nickname, presence: true, length: { maximum: 10 }
 # validates :lastname, presence: true
- validates_format_of :password, with: VALID_PASSWORD_REGEX, multiline: true, message: "8~16位密码,支持字母数字和符号"
 # 删除自动登录的token,一旦退出下次会提示需要登录
 def delete_autologin_token(value)