Nowhere to hide
GCN Lab review: Identity Finder makes it easy to locate and manage documents with ID info
- By Greg Crowe
- Apr 30, 2008
The loss or theft of personal information is a serious problem. The proliferation of portable and mobile devices and their inevitable attrition only compound the risk.
Unless you are assiduously careful, you deposit some of your identity information on your computer practically every day. From cookies left by Web sites to log-in files for applications, various aspects of your identity are strewn across your computer.
When the computer connects to a network in a physically secure office, this is not a major concern. However, if that computer is a laptop PC or personal digital assistant that is swapped among several users ' all the while running the risk of loss or theft ' it becomes a potentially serious problem.
Identity Finder 3.4: Enterprise Edition from Identity Finder averts this potential disaster by searching your computer, alerting you to the presence of identity information and offering various options for dealing with it.
We found the Identity Finder software simple and quick to install.
A wizard led us by the hand through the steps of an introductory search for the most basic identity data ' credit card information, bank accounts, Social Security numbers and passwords. We also could enter specific data to search for, such as date of birth, mother's maiden name or a phone number. We then chose whether to search files, registry items or other information in addition to where to search. Once we had made our selections, it went to work.
Identity Finder was methodical in looking for the requested information. Searching the 26,870 items on our test computer took 19 minutes, 46 seconds. Considering that it must search each file completely for these patterns and information, we consider that quick.
We were also pleased to see that the Enterprise Edition can search network drives as easily as it can local ones. In our tests, this type of search was nearly as fast as the local search, slowed only by our network connections. Master sleuth
Identity Finder carries its quest for the target data not only to text, word processor and spreadsheet files but also ' through an Object Linking and Embedding database connection ' to large, server-level databases, Web sites served by network computers, and even cookies and auto-complete fields that reside on every Web browser. There is no hiding from this master sleuth.
After the software finds files containing identity information, it puts them into a list. Clicking on one makes it appear in a preview pane to the right that shows the data in the file if not the actual formatting.
At this point, the user has four options on how to proceed. Each option can be selected independently for individual files on the list, or you can check off the desired files and perform the same action simultaneously.
The first option is to encrypt the data using methods available for the particular type of file. For instance, Identity Finder will use Office encryption to secure any Microsoft Office document with a password.
The level of encryption for each file depends on the encryption capabilities built into the program that created the file, but most programs meet or exceed 128 bits.
All the passwords can be created and controlled centrally through Identity Finder under one master password.
The second option is to redact the identity information from the file.
When doing this, Identity Finder replaces the information with placeholder data, such as a string of X's, but leaves the rest of the document intact. This option is permanent, and the replaced information is lost. This is useful if a document needs to be retained as a sample only.
The third option is to quarantine the file in a secure location on the computer running Identity Finder or another networked computer.
If you choose this option, Identity Finder makes a copy of the file in the quarantine location and permanently shreds the original. After that, the file is available only through the Identity Finder software, which requires a password to access. Virtual shredder
The fourth option is to permanently shred the file.
As we are all painfully aware, simply deleting a file ' and even emptying it from the recycle bin ' doesn't get rid of its data. Identity Finder shreds files by implementing the Defense Department's 5220.22-M deletion standard. Once a file is shredded by this method, you can be certain that it is completely gone.
Identity Finder lets you save your configuration file so you can periodically search the same locations for the same data.
You could also save and export a configuration, setting other computers with Identity Finder installed to search in the same way by importing the configuration file.
It even has the option to schedule a low-priority search to be performed automatically in the background while you do other work.
The log file generation system is flexible, creating log items whenever a new item is found or when an already-secured item is skipped over.
You can set Identity Finder to create new log files or append them to existing ones.
Like the data items, you can encrypt or password-protect log files using Federal Information Processing Standard 140-2 Level 1 validated 256-bit Advanced Encryption Standard. Easy interface
The advanced interface that appears if you opt to not run the wizard has ribbons that make it easy to identify what data type and search location options are turned on. Any of these options can be toggled on or off with one click.
The advanced interface also can be set to look for forms of identity information common in Canada, the United Kingdom and Australia in addition to user-defined types.
Identity Finder 3.4: Enterprise Edition is available at $39.95 per seat. We found this price a bit high, considering the program's capabilities and ease of use.
Government pricing starts at $29.95 and goes down from there depending on the number of licenses. This price is more in line with our expectations and can be a bargain with a large number of users.
Identity Finder would be a good choice for any office, particularly if keeping proprietary identity data under wraps is a priority
Greg Crowe is a former GCN staff writer who covered mobile technology.