Multisig requires multiple keypairs, right? Multiple keypairs is not something that's in the protocol,  right?

Backups do not mitigate against theft