diff --git a/FAQ.md b/FAQ.md
index e56bca7..727b17d 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -162,13 +162,13 @@ $members = \app\api\model\Member::where('disabled', 0)->select();
 // 新增
 $member = new \app\api\model\Member;
 $member->username = 'test';
- $member->password = password_hash('123456', PASSWORD_DEFAULT);
+ $member->password = \app\api\model\Member::makePassword('123456');
 $member->save();
 // 或
 \app\api\model\Member::create([
 'username' => 'test',
- 'password' => password_hash('123456', PASSWORD_DEFAULT),
+ 'password' => \app\api\model\Member::makePassword('123456'),
 ]);
 // 更新
diff --git a/app/api/model/Member.php b/app/api/model/Member.php
index 9732564..9d9e0e8 100644
--- a/app/api/model/Member.php
+++ b/app/api/model/Member.php
@@ -48,36 +48,24 @@ class Member extends Model
 /**
 * 验证密码
- * 支持两种密码格式:
- * 1. 新格式: bcrypt hash (60字符, 以 $2y$ 开头)
- * 2. 旧格式: 双重MD5 (32字符)
+ * 当前项目统一使用双重 MD5。
 *
 * @param string $password 明文密码
 * @return bool
 */
 public function verifyPassword(string $password): bool
 {
- $hash = $this->password;
-
- // 新格式: bcrypt
- if (strlen($hash) === 60 && strpos($hash, '$2y$') === 0) {
- return password_verify($password, $hash);
- }
-
- // 旧格式: 双重MD5 (兼容原系统)
- $legacyHash = md5(md5($password));
- return $legacyHash === $hash;
+ return self::makePassword($password) === $this->password;
 }
 /**
- * 升级密码为 bcrypt 格式
+ * 生成系统使用的密码摘要
 * @param string $password 明文密码
- * @return bool
+ * @return string
 */
- public function upgradePassword(string $password): bool
+ public static function makePassword(string $password): string
 {
- $this->password = password_hash($password, PASSWORD_DEFAULT);
- return $this->save();
+ return md5(md5($password));
 }
 /**
diff --git a/app/api/service/AuthService.php b/app/api/service/AuthService.php
index 878b46d..8b436f3 100644
--- a/app/api/service/AuthService.php
+++ b/app/api/service/AuthService.php
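Review bot: `Member::makePassword()` in app/api/model/Member.php now returns `md5(md5($password))`, an unsalted fast digest, so a leaked member table can be guessed offline cheaply and equal passwords produce equal stored values; the register and change-password hunks in app/api/service/AuthService.php inherit this through the same helper. `verifyPassword()` also loses its `password_verify()` branch, so any row already holding a `$2y$` hash written by the removed `password_hash()` and `upgradePassword()` paths can no longer match, and the remaining comparison uses `===` rather than `hash_equals()`. I would keep `password_hash()` in `makePassword()` and let `verifyPassword()` accept both formats, as sketched below; if an external system that reads this column really requires double MD5, that constraint belongs in the docblock and existing bcrypt rows need a migration or reset path. The class body continues outside the hunk.

```php
public function verifyPassword(string $password): bool
{
    $stored = (string) $this->password;

    // Rows written by password_hash() before this change must keep verifying.
    if (strpos($stored, '$2y$') === 0) {
        return password_verify($password, $stored);
    }

    // Legacy double-MD5 rows: compare in constant time.
    return hash_equals($stored, md5(md5($password)));
}

// … unchanged: makePassword() docblock …
public static function makePassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}
```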
@@ -45,11 +45,6 @@ class AuthService
 throw new \Exception('账号已过期,请联系客服续费', 4003);
 }
- // 密码升级:旧MD5格式自动升级为bcrypt
- if (strlen($member->password) === 32) {
- $member->upgradePassword($password);
- }
-
 // 记录登录日志
 $member->logLogin(true, 'password');
@@ -97,7 +92,7 @@ class AuthService
 // 创建用户
 $member = new Member();
 $member->username = $username;
- $member->password = password_hash($password, PASSWORD_DEFAULT);
+ $member->password = Member::makePassword($password);
 $member->email = $email;
 $member->formtypeid = $formtypeid ?? 0;
 $member->v_type = 0; // 默认套餐
@@ -195,7 +190,7 @@ class AuthService
 throw new \Exception('原密码错误', 4007);
 }
- $member->password = password_hash($newPassword, PASSWORD_DEFAULT);
+ $member->password = Member::makePassword($newPassword);
 return $member->save();
 }
 }