[Wolves] credit card signatures etc

Aquarius aquarius-lists at kryogenix.org
Wed Apr 7 11:23:33 BST 2004


Old Dan spoo'd forth:
>> One of the main problems is that signatures are rarely if never checked
>> properly and so have ceased to be a reliable security check.
> 
> Yeah I said that.  And as I also said, that problem is not fundamental to
> the signature system, rather widespread carelessness on the part of
> cashiers.  A management, rather than a technological, issue.

Hm. One of Bruce Schneier's better insights, in my opinion, is that a
system which essentially encourages laziness or bad working on the part
of its implementors *is* essentially flawed. If it's important that
people check the signatures, which it is, then you set up the system so
that they have to check them. If you give people a chance to be lazy
and not enforce the system properly, then some non-zero percentage of
them will do so. This is the system designer's fault. While it would be
nice to live in a utopian world where everyone does everything right,
we do not, and therefore any security system which includes humans
*must* take human nature into account. Random password generation, as
an example, is theoretically good for security (because it eliminates
dictionary attacks, among other things) but it results in people
writing their passwords down because they can't remember them. This
doesn't mean that we go forward with random passwords and shoot
everyone who writes one down: it means we do not use random password
generation. How people will use (or are able to use) your system is a
considerably more important design criterion than how it theoretically
works in practice.

Aq.

-- 
I was sitting next to Aquarius. God, the man is a beer vacuum. He just
sucks it down.
           -- Jehanneton, alt.fan.eddings


