Customers with a Business account may secure their online forms using the instructions given in this document. After implementing the changes, all information transiting between online form users and FormSmarts and FormSmarts and your computer will be exchanged using the standard secure protocol (SSL/TLS) like on this demo.

SSL/TLS ensures:

  • Information is encrypted while in transit to prevent snooping by third parties
  • Information is indeed submitted to and retrieved from FormSmarts servers.
Secure Form

Check the Strength of Your Password

The single most important step to secure your data is to pick a strong password.

Please check the strength of your current password by typing it in the password field on FormSmarts' registration page. If the score reported by the strength meter is anything other than ‘good’ or ‘great’, change your password immediately. Please read the recommendations for choosing a strong password provided at the bottom of this page.

Change the Form Embedding Code

If the form you want to secure is embedded on your site, edit the code snippet provided by the form builder as follows:

  1. Add https: on line 2
  2. If needed, replace http with https on line 3

<style> … <iframe class="fs_embed"
  src="" allowfullscreen="true">
<a href="">Can't see the form? Click here</a>.

Use the Secure URL for Standalone Forms

If users are going to access a form directly with its URL (or shortened URL), simply change the protocol part of the URL from http to https:

The same applies to the shortened URL:

Secure Mode: Risks of Receiving Form Responses by Email & Need for Accessing Form Entries Online

There are two risks associated with receiving form responses by email:

  • The risk of someone accessing the content of the email while the message is in transit from FormSmarts to your email host
  • The risk of someone getting access to the form entry if your email account is compromised even years after the form was submitted (a far greater risk given that many people keep messages archived in their email account forever).

FormSmarts always delivers email using an encrypted connection if supported by your mail host. Most mail providers nowadays support encryption, but if your email server doesn't, we will deliver form responses via a non-secure connection.

For this reason and to address the second risk, online forms can be set up so that email notifications do not contain form data, but only a link to access the form entry on FormSmarts. Members need to sign in to FormSmarts to be able to view the form entry.

If your form is sent to multiple email recipients, please create a guest user account for each of them and only give users access to specific forms. Do not share your FormSmarts admin account credentials with others within your organization.

If you would like to set up a form with the Secure Mode described here (only possible with certain types of accounts), please contact us.

Since form data is not shown in email notifications, the form will not work unless data storage is enabled.

Security Tips

The overall security of a system is only as good as its weakest part. Here is a password security check list:

  • A password of ten characters or more is recommended.
  • MiX uPpER and loWercaSEs.
  • Use numbers and special characters: ~!@#$%;(^_…
  • Avoid obvious substitutions like '0' for 'o' and '1' for 'l'.
  • Do not use simple passwords based on dictionary words or character patterns like 'qwerty' or '87654321'.
  • Never use the same password on multiple sites.
  • Do not share your password with anyone.
  • Never click on ‘reset password’ requests in emails — instead go directly to the FormSmarts homepage and follow the password reset link on the login screen.
  • FormSmarts staff will never ask you for your password.
  • Ensure your password is not written anywhere where it could be accessed by a third party.
  • Turn on two-step verification.

To change your FormSmarts password now, visit this page.