The multisig vault is designed to give you 100% control of your funds, with a balance of security and ease-of-use. You control the private keys which allow you access to your funds, yet you can easily spend your funds simply by entering a password.
(Note that the multisig vault is different from the regular Coinbase vault, where we handle security on your behalf so you don't have to. If you don't want to maintain your own private keys, you can use the regular vault; learn more about that here.)
The multisig vault is created by intelligently distributing three keys, two of which are required to unlock your funds. Coinbase securely stores one key, you store a backup user key, and both Coinbase and you store an encrypted third key, which can only be unlocked with a password you know. Because Coinbase never learns your password and never learns your user key, Coinbase never gains access to your funds.
This also means more responsibility for users of the multisig vault, which is why it is designed for advanced users only. You can still redeem your funds if you forget your vault password, or you lose your backup key. You can also spend your funds without using Coinbase: you can read more about how to do that here.
However, if you forget your passphrase and lose your personal key, your funds will be lost forever. In this case it is impossible for Coinbase to redeem your funds.
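The recovery and loss cases above follow from the two-of-three rule plus the fact that the third key is only usable together with the password. The sketch below is an added example, not Coinbase code: it models who holds which secret and checks which combinations can spend. The secret labels and function names are chosen for this illustration, and Coinbase co-signing with its own key during recovery is an assumption of the model.

```python
from itertools import combinations

THRESHOLD = 2  # two of the three keys are required to unlock funds

# Labels for the secrets in the scheme (names chosen for this sketch).
SECRETS = ("coinbase_key", "user_key", "encrypted_shared_key", "password")

# What each party stores, per the description above.
COINBASE = {"coinbase_key", "encrypted_shared_key"}
USER = {"user_key", "encrypted_shared_key", "password"}


def usable_keys(held):
    """Signing keys a party can actually use from the secrets it holds."""
    held = set(held)
    keys = {k for k in ("coinbase_key", "user_key") if k in held}
    # The third key is stored encrypted; it only counts with the password.
    if {"encrypted_shared_key", "password"} <= held:
        keys.add("shared_key")
    return keys


def can_spend(held):
    """True when the held secrets yield at least THRESHOLD usable keys."""
    return len(usable_keys(held)) >= THRESHOLD


def with_coinbase(user_secrets):
    """User's remaining secrets plus Coinbase co-signing with its key (assumed)."""
    return set(user_secrets) | {"coinbase_key"}


def minimal_spending_sets():
    """Smallest sets of secrets that reach the threshold."""
    found = []
    for size in range(1, len(SECRETS) + 1):
        for combo in combinations(SECRETS, size):
            s = set(combo)
            if can_spend(s) and not any(m < s for m in found):
                found.append(s)
    return found


if __name__ == "__main__":
    print("Coinbase alone can spend:", can_spend(COINBASE))
    print("User alone can spend:", can_spend(USER))
    print("Forgot password:", can_spend(with_coinbase(USER - {"password"})))
    print("Lost backup key:", can_spend(with_coinbase(USER - {"user_key"})))
    print("Lost both:", can_spend(with_coinbase(USER - {"password", "user_key"})))
```
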
The architecture of the multisig vault is explained in this diagram:
How to create a new Multisig Vault
1. Go to https://www.coinbase.com/accounts
2. Click "+ New Account".
3. Select "Vault".
4. Name the Vault whatever you'd like.
5. Choose who you want to have access to the Vault (just you, or multiple people).
6. Select "I will manage security myself" to create a Multisig Vault.
7. Complete the remaining steps to verify your keys and passphrase.