One of the reasons that our security is as bad as it is, is the perceived resistance of employees to new, or even changed, controls. Why is it that even enterprises that offer strong authentication to customers, still rely upon fraudulently reusable passwords, vulnerable to social engineering, for employee authentication? Employees continue to rely upon passwords even though they are implicated in more than half of all breaches and even though msny strong authentication solutions are much more convenient than passwords. Could it be, at least in part, that management wants to avoid the inevitable employee whining that accompanies any and every change in controls?
Its true! Many, not to say most, employees do whine and complain over any change in controls. Even good managers are deterred from such changes by such resistance. The good news is that most of the resistance only lasts a day or two. Even those who complained the earliest and loudest get over it in a day or two. They do not continue to resist what they quickly come to see as inevitable.
Oh its true, a few continue to complain. Let's face it, they were not happy yesterday, they will not be happy tomorrow, their happiness is not within management's control. They are grievance collectors, Failing to do the right thing in an attempt to quiet their complaints is futile. Get over it. Do the right thing.