Private key and Keystore file both are very important to access your Ac if you have one of them you still can access your account but it's always better to use Keystore file to access your Ethereum wallet and don't keep all these at one place keep it on a different place to be safer side.
No need to keep keystore file or password if you will store private key, even i think keystore file is a bit unsafe, anytime your file can be affected because you can't store it in offline that is big disadvantage. I feel safe only with private key in any wallet and i think online store is always risky.
you can save the Keystore offline with a computer that never connects to the Internet.
The password is restricted to just that wallet, but your private key overrides all passwords when you import your account to another wallet. Private keys are always the thing to note when handling your cryptocurrency accounts
That like Key and Padlock, both have pair with each other and no appropriate if we try to unlock using another key. So, we don't need the password for this situation, if we lost or another one have our key, it will definitely lost in second.