How do you prevent re-use without keeping plain text or reversibly
encrypted copies of the old ones laying around waiting to be
If you're storing *old* passwords that you don't want people to use
again, would it matter if they're stored as plain text? I would imagine
that you could just add them to a banned passwords list.
Given that people habitually use the same passwords in lots of places,
storing old passwords in plain text is probably not a great idea, as
what's an old password in one place might be a current password