diff --git a/web/handlers/auth.go b/web/handlers/auth.go
index f7298e6..3ce9970 100644
--- a/web/handlers/auth.go
+++ b/web/handlers/auth.go
@@ -307,6 +307,7 @@ func Revoke(c *fiber.Ctx) error {
 
 type IntrospectResp struct {
 	m.User
+	HasPassword bool `json:"has_password"` // 是否设置了密码
 }
 
 func Introspect(c *fiber.Ctx) error {
@@ -319,12 +320,19 @@ func Introspect(c *fiber.Ctx) error {
 	// 获取用户信息
 	profile, err := q.User.
 		Where(q.User.ID.Eq(authCtx.Payload.Id)).
-		Omit(q.User.Password, q.User.DeletedAt).
+		Omit(q.User.DeletedAt).
 		Take()
 	if err != nil {
 		return err
 	}
 
+	// 检查用户是否设置了密码
+	hasPassword := false
+	if profile.Password != nil && *profile.Password != "" {
+		hasPassword = true
+		profile.Password = nil // 不返回密码
+	}
+
 	// 掩码敏感信息
 	if profile.Phone != "" {
 		profile.Phone = maskPhone(profile.Phone)
@@ -332,7 +340,7 @@ func Introspect(c *fiber.Ctx) error {
 	if profile.IDNo != nil && *profile.IDNo != "" {
 		profile.IDNo = u.P(maskIdNo(*profile.IDNo))
 	}
-	return c.JSON(IntrospectResp{*profile})
+	return c.JSON(IntrospectResp{*profile, hasPassword})
 }
 
 func maskPhone(phone string) string {