Human inspection of security features is based on a cycle of actions: the development and execution of a strategy, and the observation and evaluation of results. These actions aim at establishing the state of the object: genuine or fake. They require knowledge, which is either in the head (memorized) or in the world (provided by the object). It is argued that knowledge in the world is most suitable for adequate inspection of first-line security features. In contrast, knowledge in the head cannot be relied on unless standardization is consistently implemented. From the action cycle, five pertinent questions ensue. How easily can the user: (1) determine and understand the function of the device? (2) tell what actions are possible? (3) execute the actions? (4) observe the results? (5) compare the observed results with the expected results? A set of generic design rules is derived, involving the function of the device, the execution of a strategy, and the evaluation of the result. A number of first-line security features are evaluated from this human factors point of view. These comprise substrate-embedded features (watermark, windowed thread), features added to the ink (iridescent pigment), printed features (intaglio, small lettering, see-throughs, latent images), and post-printed features (iridescent foils). It is concluded that many current security features do not meet basic ergonomic design rules. However, iridescent optically variable devices tend to have the potential to meet these requirements.