
If you ask me to memorize a 32-character random string every 6 months, I will memorize a 31-character string, plus one incrementing character.


The funny thing is when they don't allow you to do that. They throw an error something like "Your password is too similar to the previous password". Then I know they store it in plain text.


You could imagine a scheme where they just store N salted hashes of your N-character previous password with 1 character deleted. Then at password changes, they do the same iteration with the candidate password and see if any digests match. This tells them if you made a 1 character change to your password, without storing your old password in plaintext.


Yeah... they could be doing that. But these are the same people that implemented the forced password change in the first place. The overwhelming likelihood is that they're storing them in plain text, and the jury might still be out on whether that plain text is world-readable or not.


Do we know that? We actually do not.

If I have some previous passwords of yours in hashed form, and you give me a new password, what I can do is try to crack your previous passwords by generating nearby passwords based on the new one.

For instance, if you give me something that ends in a digit, I can substitute the other nine digits into that and try all those passwords against your prior hashes.


They usually make you write your current password. If they complain about your previous password though ... which is quite common.



