This NX key is/was never used the way you seem to think it is/was used. It is *not* a key securing the user's session.
OK. What was then the purpose of it?
If you want to improve security, using individual SSH keys makes more sense. If you're dealing with minimum password requirements - which you can't enforce on a keyfile, as far as I know - then maybe you should think about using a VPN connection along with regular password authentication. VPNs can use shared or individual keys, though again I'd strongly recommend using individual ones.
Not a bad idea to require VPN. It should be interesting to see if any latency will be introduced.