would like to see if someone could use the scenario below so it is relatable to me.  i'm really confused.  a real amateur here so forgive the elementary questions.

to get into my crypto wallet app i have a password, or fingerprint log in option. setting up the the wallet, had to write down a bunch of random words or some other weird sequence of things .. for recovery it said. and in order to send or receive crypto, there is a long code that is used. so this is a collection of passwords and codes i use during a crypto process either from coinbase or wallet.

questions - from the scenario above, what is considered a "key"? which ones are secret keys? which ones are the ones that get hijacked and hackers steal your crypto? is the recovery list of words a crypto version for "forgot password"?

by the things i read online, it feels like everyone gets their crypto hijacked. like nothing is safe. like one could just do nothing and someone can get into your wallet and/or coinbase for example and steal your stuff. or is this an exception to the rule just like a normal "bank account" could be somehow hacked? it just feels that in the crypto world it happens all the time and any minute.

thank you for your help.