How Does Microsoft Know Your Previously Used Passwords?
When I reset my password for my Microsoft account, how do they know what password I’ve used before?
Assuming that all passwords used have been salted with random elements before being hashed and stored in their database, Microsoft is able to determine if you are using a previously used password through the following process:
- They know the value to which your previous password(s) hashed, and the salts used.
- When you type your old password, they hash it with each stored salt and compare the result to the stored hashes of your old passwords.
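The check described in the list above, written out as an added example. This is not Microsoft's code: the PBKDF2 parameters, the function names and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored value from a password and its per-entry salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )


def new_history_entry(password: str) -> tuple[bytes, bytes]:
    """Build the (salt, hash) pair that is stored; the password itself is not."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    return salt, hash_password(password, salt)


def is_reused(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Re-hash the candidate under each old salt and compare to the old hash."""
    reused = False
    for salt, old_hash in history:
        # Constant-time comparison of the two digests.
        if hmac.compare_digest(hash_password(candidate, salt), old_hash):
            reused = True  # keep looping so every entry is always checked
    return reused


# Constructed sample history: three earlier passwords of one account.
HISTORY = [
    new_history_entry(p) for p in ("Winter2021!", "Spring2022!", "Summer2023!")
]

if __name__ == "__main__":
    for attempt in ("Spring2022!", "spring2022!", "Autumn2024!"):
        verdict = "rejected (used before)" if is_reused(attempt, HISTORY) else "accepted"
        print(f"{attempt}: {verdict}")
```

Only an exact repeat matches: a candidate that differs by one character hashes to an unrelated value, so this check alone cannot flag near-variants of an old password.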