diff --git a/packages/core/src/libraries/user.test.ts b/packages/core/src/libraries/user.test.ts
index 1b4e9630e..fcd18cbfa 100644
--- a/packages/core/src/libraries/user.test.ts
+++ b/packages/core/src/libraries/user.test.ts
@@ -1,12 +1,38 @@
 import { MfaFactor, UsersPasswordEncryptionMethod } from '@logto/schemas';
+import { createMockUtils } from '@logto/shared/esm';
 
 import { mockResource, mockAdminUserRole, mockScope } from '#src/__mocks__/index.js';
 import { mockUser } from '#src/__mocks__/user.js';
 import RequestError from '#src/errors/RequestError/index.js';
-import { MockQueries } from '#src/test-utils/tenant.js';
 
 const { jest } = import.meta;
+const { mockEsm } = createMockUtils(jest);
 
+mockEsm('hash-wasm', () => ({
+  argon2Verify: jest.fn(async ({ password }: { password: string }) => {
+    return password === 'password';
+  }),
+  bcryptVerify: jest.fn(async ({ password }: { password: string }) => {
+    return password === 'password';
+  }),
+  md5: jest.fn(async (password) => {
+    return password === 'password' ? '5f4dcc3b5aa765d61d8327deb882cf99' : 'wrong';
+  }),
+  sha1: jest.fn(async (password) => {
+    return password === 'password' ? '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8' : 'wrong';
+  }),
+  sha256: jest.fn(async (password) => {
+    return password === 'password'
+      ? '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8'
+      : 'wrong';
+  }),
+}));
+
+mockEsm('#src/utils/password.js', () => ({
+  encryptPassword: jest.fn().mockResolvedValue('argon2:xxx'),
+}));
+
+const { MockQueries } = await import('#src/test-utils/tenant.js');
 const { encryptUserPassword, createUserLibrary } = await import('./user.js');
 
 const hasUserWithId = jest.fn();
@@ -74,9 +100,7 @@ describe('verifyUserPassword()', () => {
 
   describe('Argon2', () => {
     it('resolves when password is correct', async () => {
-      await expect(
-        verifyUserPassword(mockUser, 'HOH2hTmW0xtYAJUfRSQjJdW5')
-      ).resolves.not.toThrowError();
+      await expect(verifyUserPassword(mockUser, 'password')).resolves.not.toThrowError();
     });
 
     it('rejects when password is incorrect', async () => {
diff --git a/packages/core/src/routes/interaction/additional.test.ts b/packages/core/src/routes/interaction/additional.test.ts
index 7651b990f..7a3176a8c 100644
--- a/packages/core/src/routes/interaction/additional.test.ts
+++ b/packages/core/src/routes/interaction/additional.test.ts
@@ -44,6 +44,10 @@ const { getInteractionStorage, storeInteractionResult } = await mockEsmWithActua
   })
 );
 
+await mockEsmWithActual('./utils/totp-validation.js', () => ({
+  generateTotpSecret: jest.fn().mockReturnValue('secret'),
+}));
+
 const { sendVerificationCodeToIdentifier } = await mockEsmWithActual(
   './utils/verification-code-validation.js',
   () => ({
@@ -229,7 +233,7 @@ describe('interaction routes', () => {
       expect(getInteractionStorage).toBeCalled();
       expect(storeInteractionResult).toBeCalled();
       expect(response.statusCode).toEqual(200);
-      expect(response.body).toHaveProperty('secret');
+      expect(response.body).toHaveProperty('secret', 'secret');
       expect(response.body).toHaveProperty('secretQrCode');
     });
   });