diff --git a/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts b/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts
index 702debd27..104e02f25 100644
--- a/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts
+++ b/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts
@@ -1,4 +1,4 @@
-import { InteractionEvent } from '@logto/schemas';
+import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
 import { createMockUtils, pickDefault } from '@logto/shared/esm';
 
 import RequestError from '#src/errors/RequestError/index.js';
@@ -9,7 +9,11 @@ import type { Identifier } from '../types/index.js';
 const { jest } = import.meta;
 const { mockEsm } = createMockUtils(jest);
 
-const findUserById = jest.fn().mockResolvedValue({ id: 'foo', passwordEncrypted: 'passwordHash' });
+const findUserById = jest.fn().mockResolvedValue({
+ id: 'foo',
+ passwordEncrypted: 'passwordHash',
+ passwordEncryptionMethod: UsersPasswordEncryptionMethod.Argon2i,
+});
 
 const tenantContext = new MockTenant(undefined, { users: { findUserById } });
 
diff --git a/packages/core/src/routes/interaction/verifications/profile-verification.ts b/packages/core/src/routes/interaction/verifications/profile-verification.ts
index 066b40ce0..217fe1652 100644
--- a/packages/core/src/routes/interaction/verifications/profile-verification.ts
+++ b/packages/core/src/routes/interaction/verifications/profile-verification.ts
@@ -1,5 +1,5 @@
 import type { Profile, User } from '@logto/schemas';
-import { InteractionEvent } from '@logto/schemas';
+import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
 import { argon2Verify } from 'hash-wasm';
 
 import RequestError from '#src/errors/RequestError/index.js';
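Review bot: The updated `findUserById` mock pins `passwordEncryptionMethod` to `UsersPasswordEncryptionMethod.Argon2i`, so every case in this test file still takes the `argon2Verify` path and the new branch in profile-verification.ts — a non-Argon2i method bypasses the same-password check entirely — has no coverage. Add a case that overrides the mock for one call with a method other than `Argon2i` (e.g. `findUserById.mockResolvedValueOnce({ id: 'foo', passwordEncrypted: 'legacyHash', passwordEncryptionMethod: /* any non-Argon2i member */ })`) and asserts that `verifyProfile` resolves even though the submitted password would match, since that is the behaviour the commit deliberately introduces and the one most likely to regress silently. If not already present, a companion case with the Argon2i mock and a matching password should still expect the `user.same_password` RequestError so the skip is provably scoped to non-Argon2i users.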
@@ -192,10 +192,15 @@ export default async function verifyProfile( const passwordProfile = passwordProfileResult.data; - const { passwordEncrypted: oldPasswordEncrypted } = await findUserById(accountId); + const { passwordEncrypted: oldPasswordEncrypted, passwordEncryptionMethod } = await findUserById( + accountId + ); + // Only compare password if the encryption method (algorithm) is Argon2i + // if the user is migrated, this check will be skipped assertThat( !oldPasswordEncrypted || + passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i || !(await argon2Verify({ password: passwordProfile.password, hash: oldPasswordEncrypted })), new RequestError({ code: 'user.same_password', status: 422 }) );
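Review bot: The same-password guard is now skipped whenever `passwordEncryptionMethod` is anything other than `Argon2i` — which, as written, includes a null/undefined method and any algorithm added later, not only the "migrated" users the comment describes — so an account whose hash was imported with a legacy algorithm can "reset" to the password it already has and the caller gets no signal that the check did not run. If the project already has a password verifier that handles legacy-hashed users (the one the sign-in path presumably uses for migrated accounts), reuse it here instead of gating on Argon2i alone; otherwise make the trade-off explicit by replacing the two added comment lines with `// Same-password detection only covers Argon2i hashes: accounts migrated with a legacy algorithm (or with no method recorded)` / `// skip it and may reuse their current password until their hash is upgraded on the next successful sign-in.`, hedging the last clause to whatever the re-hash path actually does. Keep the method comparison ahead of `argon2Verify` in the `||` chain as it is now, since that ordering is what stops a non-Argon2 hash string from ever being handed to `argon2Verify`. The enclosing `verifyProfile` starts and ends outside this hunk.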