More clarification on point 3 about the implementation details & security provided with public private key & password method.

When users first use InfiniDEX app, app would automatically generate unique public private key inside users PC. As it's a newly generated key, users would be prompted to input a password for the account.
The input password would be hash & ONLY THE HASH VALUE would send over to DEX network together with the public key & signing of the message using private key.
With that, nobody would know what your actual password is except for yourselves (as some users would always use the same password for every different platform thus we would like to prevent password leak issue)

Using above method, the verification of users identity would be through the signing of message using private key with password hash value in it & with the public key inside DEX network to verify users.
It added security where anyone who have access to your PC, without your password, won't be able to do anything with your account.
Anyone without your private key won't be anything to hack your account at all.

Ultimately, safekeeping public private key file & your own password is the only thing that you need to do.