The private key is the access to your coins. If you forget your wallet login password, your phone is stolen, or your computer crashes, you can always access coins from another device, using the private key.
Therefore, keep in mind a very basic rule: do not write the private key anywhere on the computer, do not upload it to the cloud (for example to Google Drive) or send it in an email.
Remember the iron rule - do not save the key on your computer, the cloud or email. It is recommended that you memorize the password or store it in a hidden place and of course, do a double backup. You also need to memorize the backup password because there is no "forgot password" option.
Phishing is a familiar phenomenon in the world of digital currencies. There is malware that masquerades as original wallet sites and apps to access your private key and steal your coins. Be extra careful when using these and pay attention to the site's name and URL in your browser. Use only familiar and recommended platforms, save them to your 'Favorites' menu, and don't enter these sites from an ad or link sent to you. Be alert to "weird" or strange requests from the site / app and do not rush to click on links you are not sure about.