I have been asked a few questions recently around RDS 2012 Web services and two factor authentication.
The good news is there are products out there which will allow you to add Two factor or One Time Password (OTP) solutions to your RDS environments. So all those high security organisations, yes you can secure and tie down access to RDS using two factor or OTP .
Have a look at the following links:
Duo Security: https://www.duosecurity.com/microsoft
Scorpion software: http://www.scorpionsoft.com/docs/authanvil/rdwebaccess