Gaining access via a password is the simplest way for any cybercriminal to do a lot of damage. That might happen via a phishing attack where you’re convinced to give up your details in an email or something that you have less control over like malware that installs a keylogger and tracks what you type.