HSBC sent me an email at the start of February stating that they were simplifying the login process, and that I no longer needed to enter a password (which they call “an answer to a memorable question”), only my Secure Key (a probably time-based one time password).

This is simpler, in that one thing is simpler than two things, but HSBC also say:

These changes will simplify your log on, making it quicker and easier to access your accounts in the app or online whilst remaining as secure as ever.

The only way this is true is if HSBC have managed to leak the entire password database, where they were storing passwords in plain text. My username could be another piece of “secret” information, except that I chose it myself, and I use it elsewhere.

I would agree that it’s still fairly secure, and the 6-digit password is unlikely to be guessed – but having to provide a password as well, as before, would still be more secure.