HSBC has a strange approach to web site security: They promote their Trusteer Rapport security software at each login to their business banking website so they give the impression they are keen on online security, however a basic step in improving security, the abilty to change password is so difficult that I had to call their help desk to work out how to do it. That is a clear #fail (I should say I fall into the category of very experienced web user).
To make HSBC’s approach to security even more strange, when I finally found the page where I could change the password, then I realised the new password was limited to 30 character and only letter and numbers were allowed, no symbols of any kind. My passwords these days are general 48 characters of complete random characters including symbols.
Torben Overgaard's blog 