How to Create a Secure Form
This documents provides instructions for FormSmarts members to protect access to their account and ensure their forms are submitted via a secure encrypted connection.
The information in this document only applies to Business account. Free and Pro accounts do not support two-step verification and forms associated with those accounts cannot be submitted using a secure encrypted connection and are thus not suitable for submitting personal data.
Secure Your AccountThe first step towards securing your account and the data you store with FormSmarts is to prevent unauthorized access: set a strong password and enable two-step verification.
Check the Strength of Your Password
Please check the strength of your current password by typing it in the password field on FormSmarts' registration page. If the score reported by the strength meter is anything other than ‘good’ or ‘great’, change your password immediately.
Here is a password security check list to help you choose a new password:
- A password of ten characters or more is recommended.
- MiX uPpER and loWercaSEs.
- Use numbers and special characters: ~!@#$%;(^_…
- Avoid obvious substitutions like '0' for 'o' and '1' for 'l'.
- Do not use simple passwords based on dictionary words or character patterns like 'qwerty' or '87654321'.
- Never use the same password on multiple sites.
- Do not share your password with anyone.
- Never click on ‘reset password’ requests in emails — instead go directly to the FormSmarts homepage and follow the password reset link on the login screen.
- FormSmarts staff will never ask you for your password.
- Ensure your password is not written anywhere where it could be accessed by a third party.
- Turn on two-step verification.
To change your FormSmarts password now, visit this page.
Use Two-Step VerificationWe recommend you use two-step verification to increase the security of your account. Two-step verification adds another layer of security to the log in process and helps prevent unauthorized access to your account and protect the data you store with FormSmarts.
Ensure Forms are Submitted via a Secure Connection
To prevent the data from being accessed by a third-party when a form is submitted, make sure the form is loaded with its HTTPS URL, shortened URL or embed code.
HTTPS uses the SSL/TLS security protocol to ensure that:
- Information is encrypted while in transit to prevent snooping by third parties
- Information is indeed submitted to and retrieved from FormSmarts servers.
Update the Form Embedding Code
If the form you would like to secure is embedded onto your site, edit the FormSmarts code snippet as follows:
https:on line 2 (if
https:is already there, go to the next step)
- If needed, replace
httpson line 3
<style> … <iframe class="fs_embed" src="https://formsmarts.com/form/1o7f?mode=h5embed&lay=1" allowfullscreen="true"> <a href="https://formsmarts.com/form/1o7f?mode=h5">Can't see the form? Click here</a>. </iframe>
If the FormSmarts embed code you're using doesn't look like the one above, please switch to the current version of FormSmarts forms.
Use the Secure URL for Standalone FormsIf you want to share a form's FormSmarts.com URL or f8s.co shortened URL with your users so they use the standalone version of a form, simply change the protocol part of the URL from
https://formsmarts.com/form/1o7f?mode=h5The same applies to the shortened URL:
After implementing the changes discussed in the last section, all information transiting between form users and FormSmarts when a form is submitted will be exchanged using the standard secure protocol (SSL/TLS). Data is encrypted when you access form entries on FormSmarts or export entries to Excel, however it might not always be when FormSmarts delivers email to your mail host.
Risks of Receiving Form Responses by Email
There are two risks associated with receiving form responses by email:
- The risk of someone accessing the content of the email while the message is in transit from FormSmarts to your email host
- The risk of someone getting access to the form entry if the email account of one of the destination emails of the form is compromised even years after the form was submitted (probably a far greater risk given that many people keep messages archived in their email account forever).
FormSmarts delivers email using an encrypted connection if supported by your mail host. Most mail providers nowadays support encryption, but if your email server doesn't, we will deliver form responses via a non-secure connection.
For this reason and to address the second risk, you can set up yours forms to use the Secure Mode1. With FormSmarts Secure Mode, email notifications do not contain form data, but only a link allowing authorized users to access the form entry on FormSmarts after signing in to FormSmarts.
If your forms are sent to multiple email recipients, please create a guest user account for each of them and only give individual users access to specific forms. Do not share your FormSmarts admin account credentials with others within your organization.
If you would like to set up a form with the Secure Mode, please contact us.
Since form data is not shown in email notifications with the Secure Mode, the form will not work unless data storage is enabled for that form.
- The Secure Mode is only available with FormSmarts Business Max package and above.