MicrosoftSo my issue with this, is that if someone was to leave their computer unlocked and a bad actor was to sit on that computer, not knowing their password, then they could in theory run some tool and when the correct password is typed into notepad, they get the 'Reusing passwords is not safe' prompt. Now that's essentially an access granted, but without being locked out by repeated attempts at a login page.
I thought of this when trying to log into M365, I was typing too fast and kept making a mistake. Just before I was about to check caps lock etc and slow it down, I typed it one last time, saw that prompt and figured ahh okay that must be the correct password. Sure enough it was.
So the issue is that someone could in theory discover your password this way, I hadn't clicked enter so wouldn't get locked out.
I'd just do it in notepad instead.
Of course I know MFA and locking computers and all the other hundreds of security practises, but it's the same issue we had when going into a web browser and looking at 'saved passwords' years ago - which you now have to reauthenticate in order to see them.
