So we have established your password is your proof of identity. Passwords have a few rules that make them what they are and as a concept there is an assumtion everyone will know “what a password is there for”
So a password:
Should be a secret
Only YOU know what it is in terms of its written form – for example – “Pa55w0rd”
Only you can remember what it is – bit like an important telephone number
If you write it down , only you know where it is – the little black book on your desk
Only you know what it is for – easy my bank account and email
It is unique so no one else would ever know it or guess it
Easy enough to use though, because if its too long, its easy to type in incorrectly and fail the login.
If I fail the login after a few tries I get locked out and need to reset my password.
Banks need me to call and prove who I am, damn this could be a trip into town.
So give all the above… we think password I CAN REMEMBER
Which then becomes, a password with the date of birth of my wife combo with the name of my cat… or my graduation day or my favourite religious qoute (along with the quoted verse number).