diff --git a/backend/apps/authentication/serializers.py b/backend/apps/authentication/serializers.py
index c06b563..4880a58 100644
--- a/backend/apps/authentication/serializers.py
+++ b/backend/apps/authentication/serializers.py
@@ -71,3 +71,17 @@ class CustomTokenObtainPairSerializer(TokenObtainPairSerializer):
         data['user'] = UserSerializer(self.user).data
 
         return data
+
+
+class ChangePasswordSerializer(serializers.Serializer):
+    """
+    密码修改序列化器
+    """
+    old_password = serializers.CharField(write_only=True, required=True, style={'input_type': 'password'})
+    new_password = serializers.CharField(write_only=True, required=True, style={'input_type': 'password'})
+    new_password_confirm = serializers.CharField(write_only=True, required=True, style={'input_type': 'password'})
+
+    def validate(self, attrs):
+        if attrs['new_password'] != attrs['new_password_confirm']:
+            raise serializers.ValidationError({"new_password": "新密码字段不匹配。"})
+        return attrs
diff --git a/backend/apps/authentication/urls.py b/backend/apps/authentication/urls.py
index ab2a46c..b728008 100644
--- a/backend/apps/authentication/urls.py
+++ b/backend/apps/authentication/urls.py
@@ -1,11 +1,13 @@
 from django.urls import path
 from rest_framework_simplejwt.views import TokenRefreshView
-from .views import CustomTokenObtainPairView, UserListView, UserDetailView, current_user
+from .views import CustomTokenObtainPairView, UserListView, UserDetailView, current_user, change_password, reset_password
 
 urlpatterns = [
     path('login/', CustomTokenObtainPairView.as_view(), name='token_obtain_pair'),
     path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
     path('users/', UserListView.as_view(), name='user-list'),
     path('users/<int:pk>/', UserDetailView.as_view(), name='user-detail'),
+    path('users/<int:pk>/reset-password/', reset_password, name='user-reset-password'),
     path('user/', current_user, name='current-user'),
+    path('user/change-password/', change_password, name='change-password'),
 ]
diff --git a/backend/apps/authentication/views.py b/backend/apps/authentication/views.py
index 795629d..94ecc06 100644
--- a/backend/apps/authentication/views.py
+++ b/backend/apps/authentication/views.py
@@ -4,8 +4,11 @@ from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework.response import Response
 from rest_framework_simplejwt.views import TokenObtainPairView
 from rest_framework.exceptions import PermissionDenied
+from django.shortcuts import get_object_or_404
 from .models import User
-from .serializers import UserSerializer, UserCreateSerializer, CustomTokenObtainPairSerializer
+from .serializers import UserSerializer, UserCreateSerializer, CustomTokenObtainPairSerializer, ChangePasswordSerializer
+
+RESET_PASSWORD = "abc!0000"
 
 
 class CustomTokenObtainPairView(TokenObtainPairView):
@@ -76,3 +79,35 @@ def current_user(request):
     """
     serializer = UserSerializer(request.user)
     return Response(serializer.data)
+
+
+@api_view(['POST'])
+@permission_classes([IsAuthenticated])
+def change_password(request):
+    """
+    修改当前用户密码
+    """
+    serializer = ChangePasswordSerializer(data=request.data)
+    serializer.is_valid(raise_exception=True)
+
+    if not request.user.check_password(serializer.validated_data['old_password']):
+        return Response({"detail": "原密码不正确"}, status=400)
+
+    request.user.set_password(serializer.validated_data['new_password'])
+    request.user.save()
+    return Response({"status": "密码已更新"})
+
+
+@api_view(['POST'])
+@permission_classes([IsAuthenticated])
+def reset_password(request, pk):
+    """
+    管理员重置用户密码
+    """
+    if request.user.role != 'admin':
+        raise PermissionDenied("只有管理员可以重置密码")
+
+    user = get_object_or_404(User, pk=pk)
+    user.set_password(RESET_PASSWORD)
+    user.save()
+    return Response({"status": "密码已重置", "reset_password": RESET_PASSWORD})
diff --git a/frontend/src/api/auth.js b/frontend/src/api/auth.js
index 11d22bd..277075c 100644
--- a/frontend/src/api/auth.js
+++ b/frontend/src/api/auth.js
@@ -29,3 +29,13 @@ export const deleteUser = async (id) => {
   const { data } = await api.delete(`/auth/users/${id}/`)
   return data
 }
+
+export const changePassword = async (payload) => {
+  const { data } = await api.post('/auth/user/change-password/', payload)
+  return data
+}
+
+export const resetUserPassword = async (id) => {
+  const { data } = await api.post(`/auth/users/${id}/reset-password/`)
+  return data
+}
diff --git a/frontend/src/layouts/MainLayout.vue b/frontend/src/layouts/MainLayout.vue
index 16a1c1b..e557bac 100644
--- a/frontend/src/layouts/MainLayout.vue
+++ b/frontend/src/layouts/MainLayout.vue
@@ -25,6 +25,7 @@
             <div class="name">{{ user?.username || '用户' }}</div>
             <div class="role">{{ isAdmin ? '管理员' : '普通账号' }}</div>
           </div>
+          <el-button size="small" @click="openPassword">修改密码</el-button>
           <el-button size="small" @click="onLogout">退出</el-button>
         </div>
       </header>
@@ -33,12 +34,32 @@
       </section>
     </main>
   </div>
+
+  <el-dialog v-model="passwordVisible" title="修改密码" width="420px" class="dialog-scroll">
+    <el-form :model="passwordForm" label-width="90px">
+      <el-form-item label="原密码" required>
+        <el-input v-model="passwordForm.old_password" type="password" show-password />
+      </el-form-item>
+      <el-form-item label="新密码" required>
+        <el-input v-model="passwordForm.new_password" type="password" show-password />
+      </el-form-item>
+      <el-form-item label="确认密码" required>
+        <el-input v-model="passwordForm.new_password_confirm" type="password" show-password />
+      </el-form-item>
+    </el-form>
+    <template #footer>
+      <el-button @click="passwordVisible = false">取消</el-button>
+      <el-button type="primary" @click="onChangePassword">保存</el-button>
+    </template>
+  </el-dialog>
 </template>
 
 <script setup>
-import { computed } from 'vue'
+import { computed, reactive, ref } from 'vue'
 import { useRoute, useRouter } from 'vue-router'
+import { ElMessage } from 'element-plus'
 import { useAuth } from '@/store/auth'
+import { changePassword } from '@/api/auth'
 
 const route = useRoute()
 const router = useRouter()
@@ -54,6 +75,30 @@ const titleMap = {
 const title = computed(() => titleMap[`/${route.path.split('/')[1]}`] || '系统首页')
 const user = computed(() => state.user)
 
+const passwordVisible = ref(false)
+const passwordForm = reactive({
+  old_password: '',
+  new_password: '',
+  new_password_confirm: ''
+})
+
+const openPassword = () => {
+  passwordForm.old_password = ''
+  passwordForm.new_password = ''
+  passwordForm.new_password_confirm = ''
+  passwordVisible.value = true
+}
+
+const onChangePassword = async () => {
+  try {
+    await changePassword({ ...passwordForm })
+    ElMessage.success('密码已更新')
+    passwordVisible.value = false
+  } catch (error) {
+    ElMessage.error(error.response?.data?.detail || '修改失败')
+  }
+}
+
 const onLogout = () => {
   clearAuth()
   router.push('/login')
diff --git a/frontend/src/views/UserManage.vue b/frontend/src/views/UserManage.vue
index ce0821f..64d76a4 100644
--- a/frontend/src/views/UserManage.vue
+++ b/frontend/src/views/UserManage.vue
@@ -14,10 +14,11 @@
       <el-table-column prop="factory_name" label="所属工厂" />
       <el-table-column prop="phone" label="手机" />
       <el-table-column prop="email" label="邮箱" />
-      <el-table-column label="操作" width="180">
+      <el-table-column label="操作" width="240">
         <template #default="scope">
           <div class="table-actions">
             <el-button size="small" @click="openEdit(scope.row)">编辑</el-button>
+            <el-button size="small" type="warning" @click="onReset(scope.row)">重置密码</el-button>
             <el-button size="small" type="danger" @click="onDelete(scope.row)">删除</el-button>
           </div>
         </template>
@@ -76,7 +77,7 @@
 <script setup>
 import { ref, reactive, onMounted } from 'vue'
 import { ElMessage, ElMessageBox } from 'element-plus'
-import { fetchUsers, createUser, updateUser, deleteUser } from '@/api/auth'
+import { fetchUsers, createUser, updateUser, deleteUser, resetUserPassword } from '@/api/auth'
 import { fetchFactorySimple } from '@/api/factory'
 
 const users = ref([])
@@ -177,6 +178,15 @@ const onDelete = (row) => {
     .catch(() => {})
 }
 
+const onReset = (row) => {
+  ElMessageBox.confirm(`确认重置用户 ${row.username} 的密码为 abc!0000 吗？`, '提示', { type: 'warning' })
+    .then(async () => {
+      await resetUserPassword(row.id)
+      ElMessage.success('密码已重置为 abc!0000')
+    })
+    .catch(() => {})
+}
+
 const onPageChange = (page) => {
   pagination.page = page
   loadUsers()