im not familiar with HSBC's one-time password....so cant comment there.
and fair enough that you use different methods for passwords involving your real identity. but, your original comment was that we should "remember" our passwords mentally, not using some program. The problem is that the easier it is to remember, means its not that safe, which means once someone figures out one password for you, they have access to a bunch of your data or sites you visit.
so by using programs like this, it will give you (in my case) 20 digit random passwords, that are unique to each account in every site. this way I only need to know 1 password for the database, which makes it easier to remember a single unique password to access the database, and not 10's or 20's or 100's or whatever. and with my system, no one has access to my password, no matter what they say, without hacking into my home network and hacking into my computer, and hacking into my encrypted disc image, and then hacking my database.
If i think of financial accounts I hold worldwide, I have around 10 different accounts for trading, credit cards, banks, and other types of money related accounts. each of those uses a different unique password. By your logic, I dont know how I would remember even just these 10 using the safe passwords I use.
and...you say you trust shri. BUT...has he disclosed his actual password retention software he uses? And even if he did, how do you know he is telling the truth? How do you know he has absolutely no access ever to these passwords and that he is good faith would never do this.
what if Shri gets hit by financial tsunami, website goes down from all of us ad-blocking, bank takes his homes, and the IRD hits him with some billion dollar unpaid hidden tax? do you think everyone is trustworthy with your information 100% of time? anyone can slip...and it depends on how far they can get with your password before you get screwed.
btw...knock on wood for shri.