I'm looking into implementing a passwordless strategy for my company, especially with Entra passkeys becoming available this month. Currently, we utilize a tiered account system for RDP connections to our servers using passwords and MFA. I'm wondering if this approach is more secure than accessing the server directly without a jump host, but using device-bound passkeys for RDP authentication with a separate privileged account. What is the recommended approach according to NIST for scenarios like this?
4 Answers
Why not just use both? They can complement each other really well!
You’re asking if increasing the security of your authentication allows you to ditch the jump box? I’d say no. The jump box is crucial because it keeps server management from being directly accessible to the public.
Both approaches can boost your security, but they guard against different kinds of risks. Using a jump host limits exposure and adds control points, while passkeys help to prevent credential theft. Just relying on direct RDP—even with passkeys—can expand your attack surface.
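The "control point" argument in this answer, as an added example that is not part of the original thread: a small detector over constructed Windows Security event 4624 records that flags RDP logons (logon type 10, RemoteInteractive) whose source address is not the jump host, listing the tiered admin account first. The jump host address and account names are constructed placeholders.

```python
# Added example (not from the original thread): flag RDP logons that bypass the jump host.
# Windows Security event 4624 with logon type 10 is a RemoteInteractive (RDP) logon; when
# every admin session is supposed to come through the jump host, the source address of a
# legitimate RDP logon on a server is the jump host itself, so any other source is a direct
# RDP path that the jump-host control point never saw.
from dataclasses import dataclass

JUMP_HOSTS = {"10.0.50.5"}               # constructed placeholder address of the jump host
TIER0_ACCOUNTS = {"CORP\\svr-admin-t0"}  # constructed: the privileged ("tiered") admin account

@dataclass(frozen=True)
class Logon:
    event_id: int
    logon_type: int
    account: str
    source_ip: str
    target_host: str

def is_rdp_logon(ev: Logon) -> bool:
    """Successful logon (4624) of type 10 = RDP session."""
    return ev.event_id == 4624 and ev.logon_type == 10

def bypasses_jump_host(ev: Logon) -> bool:
    """True for an RDP logon whose source is not one of the approved jump hosts."""
    return is_rdp_logon(ev) and ev.source_ip not in JUMP_HOSTS

def find_direct_rdp(events):
    """Return the RDP logons that did not come through a jump host.
    Privileged (tier-0) accounts sort first so they are triaged first."""
    hits = [e for e in events if bypasses_jump_host(e)]
    return sorted(hits, key=lambda e: (e.account not in TIER0_ACCOUNTS, e.target_host))

# Constructed sample events (not real log data).
SAMPLE = [
    Logon(4624, 10, "CORP\\svr-admin-t0", "10.0.50.5", "SRV-DB01"),   # via jump host: fine
    Logon(4624, 10, "CORP\\svr-admin-t0", "10.0.7.23", "SRV-DB01"),   # direct RDP, tier-0 account
    Logon(4624, 10, "CORP\\jdoe", "10.0.7.41", "SRV-FILE02"),         # direct RDP, standard user
    Logon(4624, 3, "CORP\\jdoe", "10.0.7.41", "SRV-FILE02"),          # network logon: not RDP
    Logon(4625, 10, "CORP\\jdoe", "10.0.7.41", "SRV-DB01"),           # failed logon: out of scope
]

if __name__ == "__main__":
    for e in find_direct_rdp(SAMPLE):
        print(f"direct RDP: {e.account} -> {e.target_host} from {e.source_ip}")
```

In practice the records would come from the servers' Security logs or a SIEM; the same rule, inverted into a firewall policy that only admits port 3389 from the jump host, is the preventive side of the same control point.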
Absolutely go for the jump host! Direct RDP for users usually leads to trouble down the line.
