
It's entirely possible that the phone representative is entering your password into their system, which then checks it against the stored hash.


Try reading your password to somebody else and getting them to enter it correctly. Unless your password is terrible, you should find that you can tell the difference between them verifying a text field vs. entering it into the system pretty easily.


Yeah. I always use random passwords for the answers to "security questions", and it's fascinating to read them off over the phone. It's obvious that they're stored in the clear, because they don't care about (for instance) case or spacing.


The system could normalize the password (convert to upper/lowercase, remove spaces) before hashing it. It'd be dumb, but not as bad as storing in plain text.

I don't find that likely, though.
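The normalize-then-hash scheme the comment above describes, as an added example that is not code from the thread: answers are canonicalized (Unicode NFKC, case-folded, whitespace stripped) before salted PBKDF2 hashing, so an agent's spacing or capitalization still verifies while only the hash is stored. The normalization rules and the iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

# Assumed work factor for illustration; tune to the deployment's budget.
PBKDF2_ITERATIONS = 600_000


def normalize(secret: str) -> str:
    """Canonicalize a security-question answer before hashing.

    NFKC folds compatibility characters (e.g. full-width letters),
    casefold() handles case, and all whitespace is dropped. Each rule
    shrinks the answer space, so apply this only where the process
    (reading an answer aloud to an agent) actually needs the tolerance.
    """
    folded = unicodedata.normalize("NFKC", secret).casefold()
    return "".join(ch for ch in folded if not ch.isspace())


def make_record(secret: str, salt: Optional[bytes] = None) -> dict:
    """Build the stored record: random salt plus hash, never the plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(secret).encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "hash": digest, "iterations": PBKDF2_ITERATIONS}


def verify(candidate: str, record: dict) -> bool:
    """Hash the normalized candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize(candidate).encode("utf-8"),
        record["salt"],
        record["iterations"],
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    # Constructed sample: the answer as enrolled and as read over the phone.
    rec = make_record("CorrectHorseBatteryStaple")
    print(verify("correct horse battery staple", rec))  # True
    print(verify("CorrectHorseBatteryStapler", rec))    # False
```

A stored record verifying case- and space-insensitively therefore does not by itself prove plaintext storage; it only shows the system tolerates those differences somewhere before comparison.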



Unless it's "CorrectHorseBatteryStaple"





