::
> Shouldn’t you need two of them? How is one extra word for a passphrase enough?
The way it works is similar to having a big shredder (called a hash function). When you input something in the shedder, you get something completely different in the output. Here, the input of the shredder is your seed phrase and your passphrase. The passphrase that is input in the shredder is the string “mnemonic” concatenated with the passphrase your created (and empty string in case you did not create one, which is the default. So if you selected the passphrase “don’t tell my wife I have cryptos!!!”, the passphrase will internally be “mnemonicdon’t tell my wife I have cryptos!!!”.
So the seed phrase and the passphrase are entered in the schedder, and the output is a 512-bit number called “bip39 seed”, which is your master private key. All your keys are mathematically calculated (derived) in a deterministic way from this 512-bit number.
So if you create a seed phrase, you have two sets of accounts, because you have two 512-bit bip39 seeds (one will be your 24-word seed phrase shredded with the passphrase “mnemonic”, and the other one will be your 24-word seed phrase shredded with the string obtained by concatenating “mnemonic” with your passphrase e.g. “don’t tell my wife I have cryptos!!!”.
There are lots of documents that describe the process in more details…