Bitcoins are stored electronically on an online distributed ledger, referred as the "blockchain".
The database records all accounts, its balance and transactions that have occurred on the network. The act of “sending a bitcoin” requires knowledge of a pair of elements that constitute a public-key cryptography system:
In cryptocurrency, public addresses is the element that holds the balance: users send digital assets from and to them. In other words, it serves as a cryptocurrency "bank" account.
On the Bitcoin network, all the transaction information between public addresses is available to everyone, and accessible online on a decentralised ledger, the blockchain.
Therefore, everyone knows how much Bitcoins a public address holds. It is therefore recommended to generate a new public address when receiving a cryptocurrency payment otherwise the payment issuer has knowledge of the account's balance.
This is not necessarily true for every cryptocurrency, as some of them mask the balance of public addresses to ensure a privacy-focused experience.
Each public address is associated with a private key that unlocks the funds held on it. In this sense, having knowledge of a public address' private key gives ownership of the digital assets stored in them.
When a transaction is issued, the network performs a mathematical algorithm to verify whether the pair is correct. If a private key is made public then the funds are compromised - as anyone could unlock the public address and make a transaction.
You can generate unlimited public address and private key pairs.
A cryptocurrency wallet is a software that locks up private and public keys and interacts with blockchains. It gives the ability to users to send and receive digital assets and monitor their balance, in a single user experience.
Most wallets protect private keys by encryption with a passphrase. In order to unlock an encrypted wallet and get access to its private keys, users require to input the correct password.
Additionally, users can set up 2-Factor Authentication (2-FA) on another devices for an extra layer of protection.
It is important to secure private keys, wallet passwords and 2-FA back-ups, as forgetting them results in losing access to digital assets recorded on public addresses..
However, users do not need a password nor a 2-FA to issue a cryptocurrency transaction. It only comes in the picture when private keys are stored in an encrypted cryptocurrency wallet.
To summarise, here's a infographic of the Bitcoin's user transaction management experience:
Note that paper wallets are not encrypted, as they are just a sheet of paper with both private and public keys written on it.