Identity Finder Unearths Secrets Hidden in PCs, Macs

I found the lack of results-filtering tools to be a drawback when dealing with the large set of results generated after my first search. For subsequent searches, however, that shouldn't be as big of an issue, since presumably far fewer results would be found.

Mac Edition works with OS X 10.4 or later; it costs$19.95 for a single-user license or $49.96 for a three-user license.

Cleaning Up the Mess

Once you've collected and reviewed your data, Identity Finder Pro lets you select each found file that contains an identity item, preview the identity data in context, and take any of several different actions to deal with it:

* "Scrub" sensitive data from within the source document. This works only if it is an Office 2007, text, HTML or comma-separated variable file.

* Shred the file, through a multiple-pass deletion process that renders it unrecoverable. This can be dangerous, however -- for example, Identity Finder found multiple instances of "Social Security numbers" embedded in a file associated with LastPass, a password manager Firefox add-on. Those were not Social Security numbers, says Sameer Kochhar, director at LastPass, but JavaScript coding. Had I shredded or quarantined that file, LastPass would have broken and I would have had to either restore the file or reinstall LastPass to get it working.

* Encrypt the file. When you encrypt files (using your application's built-in encryption, Identity Finder's 256-bit AES encryption or a third-party encryption tool such as PGP) or save search results, Identity Finder prompts you to create a profile password. Unfortunately, it does not enforce the creation of a strong password, nor does it provide guidance (such as a displaying a "strength meter") on how to create one. This seems a bit strange for a product that stores reports containing summaries of highly sensitive data. (An optional setting to enforce strong passwords is available in the Professional and Enterprise editions but is turned off by default.)

* Quarantine it. The quarantine feature allows the user to move offending files to a new area and encrypt them. A nice option here: You can configure Identity Finder to leave behind a text file with the original file name. When opened, it includes this message: "The original file ... contained unsecured, personally identifiable information. It has been quarantined to [location]."

* Send it to the Windows Recycle bin. As an Identity Finder pop-up warns when you mouse over this option, documents sent to the Recycle Bin are easily recoverable, so why offer this option at all? According to David Goldman, president and chief operating officer, Identity Finder added the option after some enterprise customers complained that their users could accidentally shred important files. (By using the Recycle Bin, the user can set aside files containing identity data, moving them there for later review before shredding.

* Ignore it, in which case it won't come up again in subsequent searches.

Firefox Encryption

One of the biggest groupings of sensitive data that Identity Finder came across in my tests was the 50 or so online username and password combinations I'd allowed Firefox to store for me on my business laptops. What Firefox doesn't tell you is that you need to turn on encryption under Tools --> Options --> Security settings and create a master password if you want those stored passwords encrypted.

Product mentioned in this article

(1 items)

  • Identity Finder

    This data-shredding software is effective at finding and protecting personal information on a PC, but it's expensive.

Subscribe to the Security Watch Newsletter

Comments