Polkadot Vault allows you to manage Derived Accounts. This allows you to manage several accounts on a network using the same seed. You can think of derived accounts as child accounts of the root account created using the original mnemonic seed phrase. There are different types of account derivation – hard or soft derivation.

When you add a network to an account on your Polkadot Vault device, you must provide your desired derivation path.

/ Soft Derivation

A soft derivation allows someone to potentially "go backwards" to figure out the initial account's private key if they know the derived account's private key. It is also possible to determine that different accounts that are generated from a seed are linked to that seed.

// Hard Derivation

A hard derivation path does not allow either of those things – even if you know a derived private key, it is not feasible to figure out the private key of the root address, and it is impossible to prove that the first account is linked with the second.

/// Password Derivation

In this type of derivation, if the mnemonic phrase would leak, accounts cannot be derived without the initial password. In fact, for soft- and hard-derived accounts, if someone knows the mnemonic phrase and the derivation path, they will have access to your account. For password-derived accounts, the password is applied on the derivation path. You can know the mnemonic phrase and the derivation path, but without the password, it is not possible to access the account. In mathematical terms, if we have a written derivation path and a password, we can calculate the real derivation path as f(written derivation path, password); where f is a function. We can then calculate the account key pair using f(seed, real derivation path).