Revokable, frequently refreshed credentials
As I was reading the article I crossed it with something I've seen in Tesco: they can log into a till and print a barcode that they can then use to quickly log in and give help without entering any passwords.
While I don't think the Tesco system is much more secure than passwords on post-it notes, it gave me an idea:
What if, when the shift starts, or on demand later in the day, a public/private key pair is generated and the private key is printed as a QR that the employee can add to their badge? The key would have limited validity - say, until the employee checks out, and it would be easily revoked and reissued if lost or stolen.
The floor staff wouldn't need much training beyond "Don't lose it. But if you do, go scan your employee badge on this machine in the back and get a new code." Getting a new QR would invalidate the last QR issued to this employee. While not exactly RSA token secure, it's convenient for the employees and it's better than post-it notes and Password123 as the national password, with the benefit of very frequent password changes.