When logging into a system, you will usually have a unique identifier. In Windows, this identifier is called the Security Identifier (SID).
Additionally, the user will need to provide credentials to authenticate themselves. This can be in the form of a password, smart card, fingerprint, PIN code, etc.
Once a user logs in, their credentials are tied to a profile. This profile stores information about the user such as the user’s name, preferences, group memberships, etc.
Weak passwords are more vulnerable to being cracked by brute force attacks. For example, if your password is only 3 digits long, it’s very easy for a script to run through every combination of 3 digits very quickly to find your correct password.
Passwords should therefore be complex (meaning a combination of numbers, letters, and symbols) and have a longer length. Passwords should also be constantly refreshed in the chance that if a hacker does obtain your password, the password won’t be valid for too long.