We are considering setting up a Remote Desktop Gateway server so users can remote control their office desktop PCs from home without needing VPN.
The plan is for it to only be a secure pass-through from the Internet to their desktop PC. There will not be any terminal services login or web apps hosted on the server. We have not decided if RDWeb will be available. It is likely that users will just use an RDP client such as the Microsoft MSTSC.exe Remote Desktop client in Windows or similar app for iOS, Android or OSX rather than use a browser to reach their PC.
I noticed that most RDP clients, mobile apps and web browsers have an option to remember credentials so they can log in without typing credentials the next time they connect. This will be a security threat if their PC is stolen and not encrypted. Is there any way to provide access, but prevent users from reusing saved passwords to connect to the Remote Desktop Gateway without using smart cards?
I had the idea of having some kind of one-time password system to authenticate through the RD Gateway so saved passwords would be useless. What does Remote Desktop Gateway support that can do this?