diff --git a/internal/service/auth.go b/internal/service/auth.go
index a9aee5c..ea83f82 100644
--- a/internal/service/auth.go
+++ b/internal/service/auth.go
@@ -30,6 +30,7 @@ const (
 	defaultTOTPChallengeTTL = 5 * time.Minute
 	defaultPasswordMinLen   = 8
 	refreshTokenRetryGrace  = 10 * time.Second
+	defaultBETimeout        = 5 * time.Second  // best-effort 后台操作默认超时
 	MaxUsernameAttempts     = 100 // 最大尝试次数（P1性能优化：减少循环查询）
 	MaxUsernameLength       = 40  // 用户名最大长度
 )
@@ -553,7 +554,7 @@ func (s *AuthService) writeLoginLog(
 				log.Printf("auth: write login log panic recovered, user_id=%v login_type=%d err=%v", userID, loginType, r)
 			}
 		}()
-		bgCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		bgCtx, cancel := context.WithTimeout(context.Background(), defaultBETimeout)
 		defer cancel()
 		if err := s.loginLogRepo.Create(bgCtx, loginRecord); err != nil {
 			log.Printf("auth: write login log failed, user_id=%v login_type=%d err=%v", userID, loginType, err)
@@ -634,7 +635,7 @@ func (s *AuthService) bestEffortRegisterDevice(ctx context.Context, userID int64
 				log.Printf("auth: register device panic recovered, user_id=%d device_id=%s err=%v", userID, req.DeviceID, r)
 			}
 		}()
-		bgCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		bgCtx, cancel := context.WithTimeout(context.Background(), defaultBETimeout)
 		defer cancel()
 		_, _ = s.deviceService.CreateDevice(bgCtx, userID, createReq)
 	}()
diff --git a/internal/service/auth_runtime.go b/internal/service/auth_runtime.go
index 6403271..ce15de9 100644
--- a/internal/service/auth_runtime.go
+++ b/internal/service/auth_runtime.go
@@ -95,7 +95,7 @@ func (s *AuthService) bestEffortUpdateLastLogin(ctx context.Context, userID int6
 				log.Printf("auth: update last login panic recovered, source=%s user_id=%d err=%v", source, userID, r)
 			}
 		}()
-		bgCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		bgCtx, cancel := context.WithTimeout(context.Background(), defaultBETimeout)
 		defer cancel()
 		if err := s.userRepo.UpdateLastLogin(bgCtx, userID, ip); err != nil {
 			log.Printf("auth: update last login failed, source=%s user_id=%d ip=%s err=%v", source, userID, ip, err)
diff --git a/internal/service/password_reset.go b/internal/service/password_reset.go
index 775080b..1855498 100644
--- a/internal/service/password_reset.go
+++ b/internal/service/password_reset.go
@@ -299,7 +299,7 @@ func (s *PasswordResetService) doResetPassword(ctx context.Context, user *domain
 	if s.passwordHistoryRepo != nil {
 		// #nosec G118 - 使用带超时的独立 context，防止 DB 写入无限等待
 		go func() { // #nosec G118
-			bgCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+			bgCtx, cancel := context.WithTimeout(context.Background(), defaultBETimeout)
 			defer cancel()
 			_ = s.passwordHistoryRepo.Create(bgCtx, &domain.PasswordHistory{
 				UserID:       user.ID,
diff --git a/internal/service/user_service.go b/internal/service/user_service.go
index a00731a..15ef1ce 100644
--- a/internal/service/user_service.go
+++ b/internal/service/user_service.go
@@ -132,7 +132,7 @@ func (s *UserService) ChangePassword(ctx context.Context, userID int64, oldPassw
 		if s.passwordHistoryRepo != nil {
 			// #nosec G118 - 使用带超时的独立 context（不能使用请求 ctx，该 goroutine 在请求完成后仍可能运行）
 			go func(hashedPw string) { // #nosec G118
-				bgCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+				bgCtx, cancel := context.WithTimeout(context.Background(), defaultBETimeout)
 				defer cancel()
 				_ = s.passwordHistoryRepo.Create(bgCtx, &domain.PasswordHistory{
 					UserID:       userID,
@@ -199,7 +199,7 @@ func (s *UserService) applyNewPassword(ctx context.Context, user *domain.User, n
 					log.Printf("user_service: password history save panic recovered, user_id=%d err=%v", userID, r)
 				}
 			}()
-			bgCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+			bgCtx, cancel := context.WithTimeout(context.Background(), defaultBETimeout)
 			defer cancel()
 			_ = s.passwordHistoryRepo.Create(bgCtx, &domain.PasswordHistory{
 				UserID:       userID,
diff --git a/internal/service/webhook.go b/internal/service/webhook.go
index ad5d4f6..a19374c 100644
--- a/internal/service/webhook.go
+++ b/internal/service/webhook.go
@@ -295,7 +295,7 @@ func (s *WebhookService) recordDelivery(task *deliveryTask, statusCode int, body
 		delivery.DeliveredAt = &now
 	}
 	// 使用带超时的独立 context，防止 DB 写入无限等待
-	writeCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	writeCtx, cancel := context.WithTimeout(context.Background(), defaultBETimeout)
 	defer cancel()
 	_ = s.repo.CreateDelivery(writeCtx, delivery)
 }