If you're using Google Accounts then they have a feature for this[1]. It detects when they enter their Google password into any other site then reports it and makes them change their password.
I'd love a similar feature that somehow worked with Active Directory.
It's not foolproof-perfect, but from personal experience it tends to work quickly and effectively. It requires "surveillance" of your browser/computer, but you should assume that with a work device anyways, and it can work with hashes and password fields so it's not storing your actual password or logging everything else you're doing.
If you're using Google Accounts then they have a feature for this[1]. It detects when they enter their Google password into any other site then reports it and makes them change their password. I'd love a similar feature that somehow worked with Active Directory.
[1] Password Alert: https://support.google.com/a/answer/6197480