diff --git a/modules/core/src/main/java/com/bytedesk/core/rbac/auth/AuthController.java b/modules/core/src/main/java/com/bytedesk/core/rbac/auth/AuthController.java
index d51bf8d61f..14a80f8f79 100644
--- a/modules/core/src/main/java/com/bytedesk/core/rbac/auth/AuthController.java
+++ b/modules/core/src/main/java/com/bytedesk/core/rbac/auth/AuthController.java
@@ -95,6 +95,16 @@ public class AuthController {
             if (!pushService.validateCode(authRequest.getMobile(), authRequest.getCode(), request)) {
                 return ResponseEntity.ok().body(JsonResult.error(I18Consts.I18N_AUTH_CAPTCHA_VALIDATE_FAILED, -2, false));
             }
+            // 验证用户名和手机号是否为同一个用户
+            if (StringUtils.hasText(authRequest.getUsername()) && StringUtils.hasText(authRequest.getMobile())) {
+                Boolean userMatch = userService.existsByUsernameAndMobileAndPlatform(
+                        authRequest.getUsername(),
+                        authRequest.getMobile(),
+                        authRequest.getPlatform());
+                if (!userMatch) {
+                    return ResponseEntity.ok().body(JsonResult.error("用户名和手机号不匹配,请检查后重新输入", -3, false));
+                }
+            }
         }
 
         try {
diff --git a/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserRepository.java b/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserRepository.java
index 168ef9c4e9..cc980a2fb7 100644
--- a/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserRepository.java
+++ b/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserRepository.java
@@ -42,6 +42,8 @@ public interface UserRepository extends JpaRepository, JpaSpec
     Boolean existsByEmailAndPlatformAndDeletedFalse(String email, String platform);
 
+    Boolean existsByUsernameAndMobileAndPlatformAndDeletedFalse(String username, String mobile, String platform);
+
     Boolean existsBySuperUserAndDeletedFalse(Boolean superUser);
 
 }
diff --git a/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserService.java b/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserService.java
index faa0bd689f..90a309745b 100644
--- a/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserService.java
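Review bot: `if (!userMatch)` auto-unboxes the `Boolean` returned by `existsByUsernameAndMobileAndPlatform`, whose own `unless = "#result == null"` cache condition treats the result as nullable, so a null would surface as a NullPointerException in the login path instead of a login error; prefer `if (!Boolean.TRUE.equals(userMatch)) {`. The return on the next line hard-codes a Chinese message while the captcha failure two lines above goes through `I18Consts`, so the mismatch message should get its own I18N key for consistency. Note also that the distinct -3 code tells the caller whether the submitted username is bound to the mobile they just verified; if that distinction is not meant to be exposed, return the same generic failure as the captcha path. The enclosing login method starts and ends outside the hunk.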
+++ b/modules/core/src/main/java/com/bytedesk/core/rbac/user/UserService.java
@@ -616,6 +616,12 @@ public class UserService {
         return userRepository.existsByEmailAndPlatformAndDeletedFalse(email, platform);
     }
 
+    // exists by username and mobile
+    @Cacheable(value = "user:exists", key = "#username + '-' + #mobile + '-' + #platform", unless = "#result == null")
+    public Boolean existsByUsernameAndMobileAndPlatform(@NonNull String username, @NonNull String mobile, @NonNull String platform) {
+        return userRepository.existsByUsernameAndMobileAndPlatformAndDeletedFalse(username, mobile, platform);
+    }
+
     public Boolean existsBySuperUser() {
         return userRepository.existsBySuperUserAndDeletedFalse(true);
     }
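Review bot: Caching this existence check under `user:exists` keyed by `username-mobile-platform`, with no eviction visible in this diff, means a `false` answer is remembered after the user later registers or binds that mobile, so the new AuthController check would keep rejecting the login until the entry expires; either add a matching `@CacheEvict` on the user create/update/delete paths (if one does not already exist elsewhere in UserService) or leave this lookup uncached like a plain repository call. As far as I can tell the `unless = "#result == null"` clause never fires, since a derived `exists…` query yields a boxed primitive and not null, so it can be dropped. The `// exists by username and mobile` comment should become a Javadoc stating that the match is exact, skips soft-deleted users (`DeletedFalse`), and is cached. The enclosing UserService class continues outside the hunk.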