The application provides a password verification method and system. The method comprises the step that S1, an upper computer generates a PIN value; S2, the upper computer acquires a random number from a USBKEY; S3, an instruction data packet for PIN verification is generated; S4, the USBKEY parses the instruction data packet; and S5, parsed data are determined, and if the determination is successful, the PIN verification passes. According to the password verification method and system provided by the application, the real security of a verification password is ensured by performing asymmetric algorithm encryption on the random number, the length of a user PIN value and the user PIN value, so that the security level of the password is improved, PIN code information leakage is prevented, and higher-level attack to the USBKEY can be defended; and in addition, through grading verification on the random number, the length of the user PIN value and the user PIN value, the determination time is saved, the USBKEY response speed is higher, and the user experience is improved.