Identity Finder FAQ

What is Identity Finder

Identity Finder is a program that searches your computer for and helps to remove Personally Identifiable Information (PII) such as credit card, social security, and bank account numbers. The removal of this information can help to drastically reduce your risk of identity theft, which can be very costly to you and the University.

Why is USU using Identity Finder?

The University’s executive management has made the removal of sensitive data a priority for the University. USU is using Identity Finder to proactively locate and secure sensitive data on computer and server hard drives so that it is not left vulnerable to potential identity theft.

Am I required to install Identity Finder?

To fullfill our Payment Card Industry Standards and to be in compliance to University Information Security Policy we offer this tool to help comply with policy, so we encourage everyone to install and use it.

How much will Identity Finder cost?

University faculty, staff, and students can use Identity Finder free of charge.

Where can I find Identity Finder?

Identity Finder for Windows can be downloaded here:
http://www.usu.edu/if/IdentityFinderUSU.msi

Identity Finder for Macintosh can be downloaded here:
http://www.usu.edu/if/IdentityFinderUSU.dmg

Where can I find more information about using Identity Finder?

Help with using the Windows software can be found here:
http://www.identityfinder.com/Help/Client_Win

Help with using the Macintosh software can be found here:
http://www.identityfinder.com/Help/Client_Mac

What information does Identity Finder locate?

Identity Finder is capable of finding the following Identity Types on your computer.

  • Social Security Numbers
  • Credit Card Numbers
  • Passwords
  • Bank Account Numbers
  • Driver License Numbers
  • Dates of Birth
  • Phone Numbers
  • Other (using pattern matching)

What can I do with information that Identity Finder locates?

Shred: Permanently deletes the entire file containing PII.  
This feature should only be used if you are certain that none of the information contained within the file is necessary.

Scrub: Removes only the characters in the file that constitute the WPII.  
This feature should be used if the actual numbers/words identified as PII are not necessary but you still wish to save the rest of the file.

Ignore: Adds file location to a list that Identity Finder will ignore in future searches.  
This feature should only be used if the data identified as PII is not actually PII. For example, Identity Finder may   find a series of random, meaningless numbers in a file that appear in the same format as a credit card or social security number. This data is known as a ”false positive” and does not need to be removed. CAUTION: DO NOT USE IGNORE UNLESS YOU ARE 100% POSITIVE THE DATA IS NOT PII.

Quarantine: Moves the PII to a separate folder to be acted upon later.
Quarantine is a "last resort" method for handling PII. When a location containing PII has been identified but the entire file is absolutely neccessary, the Quarantine feature can be used to relocate that data to a seperate folder, the location of which you will be prompted for. You will then be required to encrypt the information by your own means or by consulting a your IT Personnel responsible for maintaining your computer.

Where can I find the recommended scanning configuration for Identity Finder?

When faculty or staff install the Enterprise version, Identity Finder connects to USU servers and downloads the appropriate configuration dynamically. For other versions, we recommend scanning the entire computer, including network drives and email, and external hard drives, flash drives, etc. Always make sure to scan for SSN and credit card numbers at the very least.

What happens when Identity Finder locates incorrect PII?

Sometimes Identity Finder will find data that appears to be PII, but is in fact not. This data is known as a "false positive". When this occurs, select Ignore to keep the data and prevent Identity Finder from accidentally locating it again.

Will a scan slow my computer?

The first time Identity Finder is run it may take a long time and may affect the computer’s performance. Subsequent scans should be much faster and should not affect system performance as much.

Who sees the results of a scan?

Scan results can be seen by you and are sent to a secure server and may be reviewed by an IT administrator, where they will be reviewed purely for the purpose of protecting you. Administrators will only be able to see the file location and type, the actual contents of the file cannot be seen by anyone but you.

Who sees the results of a scan?

Scan results can be seen by you and are sent to a secure server and may be reviewed by an IT administrator, where they will be reviewed purely for the purpose of protecting you. Administrators will only be able to see the file location and type, the actual contents of the file cannot be seen by anyone but you.

How long does a scan take to complete?

The length of time to complete a “full” scan depends on your computer’s performance capabilities and the amount of data being searched. In most cases, a scan will not last longer than 20-30 minutes.

How often should I run an Identity Finder scan?

How often Identity Finder should be run is dependent on the job function. Once per month should be the minimum, more often if your job function requires dealing with confidential data regularly.

Where does Identity Finder search on my computer?

Identity Finder can find the PII on the following locations:

  • Searching Files
  • Searching E-Mails
  • Searching Web Browsers
  • Searching the Windows Registry

What are Anyfind, Multifind, and Onlyfind?

AnyFind search by clicking the appropriate Identity Type buttons on the Identities Windows ribbon. Identity Types are the various PII that might be located on your computer.

OnlyFind allows you to search for only individual's specific personal information instead of any person's information. Instead of finding all numbers with the SSN format, you specify the unique SSN.

MultiFind is Identity Finder's advanced, proprietary technology that automatically searches computers for various Identity Types together in a single location. MultiFind is a way to require AnyFindIdentity Types to be dependent on each other.

How do I Search for Sensitive Data?

You can customize what you want to search for by choosing options on the Identities ribbon and Locations ribbon.

How do I Search for HIPAA information?

HIPAA-protected information may be located using by selecting Health Information as one of the types of files that Identity Finder searches for. More information can be found using the following links:

How can I search for credit card (PCI) information?

PCI-protected information may be located using Identity Finder’s MultiFind technology, and selecting PCI Information. More information can be found using the following links:

Windows:http://www.identityfinder.com/help/client_win/index.htm#search_for_payment_card_industry_(pci)_information.htm
Macintosh: http://www.identityfinder.com/help/client_mac/index.htm#3679.htm

Why am I receiving a licensing error?

All Identity Finder installations will be fully licensed to the University upon installation. If you are receiving a license error please call your departmental IT support.

Another possible cause for the licensing error message could be your computers date and time settings. If the date and time are incorrect on your computer, the program may not recognize it as a currently registered device and deny access.

How Frequently Should You Search Your Data?

It is required by university policy that Identity Finder be run once per month, but running it on a weekly or even daily basis will insure a higher level of security for your computer. New PII can be exposed on your computer every day, so the more frequent searches are run, the more effective they will be. You can also schedule Identity Finder to run automatically on a periodic basis via the Results Wizard, the Scheduling button, or the Settings dialog box.

How do I reset my Profile Password?

The Identity Finder client application provides the ability to save settings, configuration information, and sensitive data across sessions through the use of a profile password. It is not possible to recover a lost password; however, it is possible to delete a profile and create a new one. When the profile password is created, that password is used to encrypt the profile. The profile password is not stored anywhere and therefore if it is lost or forgotten, then all of the information in the profile will be lost. The following data will be lost when deleting a profile:

  • Custom Folders, Remote Computers and authentication credentials
  • OnlyFind Identities
  • Ignore list entries
  • Password Vault entries
  • Database connection information
  • Websites list

How do I reset my Profile Password?

The Identity Finder client application provides the ability to save settings, configuration information, and sensitive data across sessions through the use of a profile password. It is not possible to recover a lost password; however, it is possible to delete a profile and create a new one. When the profile password is created, that password is used to encrypt the profile. The profile password is not stored anywhere and therefore if it is lost or forgotten, then all of the information in the profile will be lost. The following data will be lost when deleting a profile:

  • Custom Folders, Remote Computers and authentication credentials
  • OnlyFind Identities
  • Ignore list entries
  • Password Vault entries
  • Database connection information
  • Websites list

How do I delete a profile using Identity Finder?

A profile can be deleted by logging into Identity Finder as a guest by skipping the password screen, opening the Profile page within Settings/Preferences, and clicking the Delete profile button.

How do I manually delete a profile?

To manually delete a profile, remove the file identityinfo.dat from the specified location(s) found in Windows and MAC on-line user guides.

How do I create Custom Types using regular expressions?

Identity Finder provides the capability to extend a search to include custom keywords, phrases, or patterns via the Custom Type identity type.

To search for specific patterns, you can provide regular expressions directly via the Client interface or via policy. A regular expression (regex or regexp) is a specially formatted text string that describes a search pattern.
Example: USU's A# in the format A00000123 may be found using the regular expression: [a-zA-Z]\d{8}
To obtain an overview or tutorial on regular expression basics and well as advanced topics, we recommend searching the Internet for terms such as "regular expression tutorial", 'learning regular expressions", or "introduction to regular expressions".

What is a Digital Shredder?

The shredder technology is based on the United States Department of Defense Directive 5220.22-M, which provides baseline standards for the protection of classified information. It uses multiple levels of deletion so that the file you delete may not be recovered, even by undelete programs. You can read more on the Defense Technical Information Center website.

Why is my virus scanner creating alerts during Identity Finder searches?

During the course of an Identity Finder search, anti-virus applications may create an alert for files created in a subfolder of IDFTmpDir located in the user profile folder. This is not a problem with Identity Finder, but rather indicates that the user's system already contains one or more infected files.

The files in IDFTmpDir are created during a search, specifically and most commonly when extracting files from archives (e.g., .zip files) or when detaching them from e-mail messages.
To search these files, Identity Finder places them in a temporary folder and then attempts to open them for read access. If the file has a virus, the act of extracting or detaching the file to the temporary folder and/or the attempt to read the file may trigger the anti-virus application (depending on its configuration).
If Identity Finder is configured to log "Locations Searched", you may be able to determine the specific archives or messages that contain the infected file(s); however, in these instances, it is recommended that you perform a full anti-virus scan of the user's system ensuring a search within archive files and e-mail attachments.

For additional details on the location of the user profile folder for each operating system, please refer to the Windows or Mac configuration guide.

Do I need to run Identity Finder on public computers?

If the computer in question is a public computer (does not have a specific owner such as libraries, labs, etc.) and has a set up for reimaging the machine on a frequent bases, it should automatically be exempt from policy enforcement. To verify that a computer is exempt, please contact the PCI Compliance Officer.

#theTemplate.getDirectEidtLink()#