So if my coinbase has an easy pw, when I do a transaction someone may use the public key to track me and try to crack my pw?
Is that the way it works?
New to this but want to be secure.
No. They know your e-mail address and they guess your password and transfer the coins. That's why you should set up the Authy authentication so they can't do that.
Also, you should only keep spending money in there, not $10,000.