When registering on a new platform, creating a new password can seem like an extreme sport. Having to think of a new password is something users don't like doing. Most people use the same password everywhere which is very great for ease of remembering and usage of the password but isn't so great in terms of security.
There are however user whose password are more vulnerable because they use dictionary words as their passwords. The reason why words that can be found in a dictionary are very poor choice of passwords is because a hacker can easily crack those passwords, there are hacking tools that try to breaking into a user's account by trying a lot of dictionary words to see which is the correct one.
Two factor authentication, input validation (to make sure your password has special characters and numbers) as well as a limit on the number of password trials you have, are measures that were put in place by software engineers. On more secure platforms you can't use your name as your password. While all of these makes password creation more stressful, it ultimately means that it'll be harder to guess your password without you giving the hacker a hint (or the password itself).
We've pushed the boundaries of software engineering even further by giving session ID, token and others things that are unique to your device and browser, these little features allow you to sign in directly without having to input your password based on the assumption that you protect your device and won't give it to just anyone. It's also why your device should be a private property. Cybersecurity has become quite complicated in a bid to further protect users while offering an amazing user experience.