How to Create a Secure Form
This documents provides instructions for FormSmarts members to protect access to their account and ensure their forms are submitted via a secure encrypted connection.
The information in this document only applies to Business account. Free and Pro accounts do not support two-step verification and forms associated with those accounts cannot be submitted using a secure encrypted connection and are thus not suitable for collecting personal information.
Secure Your AccountThe first step towards securing your account and the data you store with FormSmarts is to prevent unauthorized access: set a strong password and enable two-step verification.
Check the Strength of Your Password
Please check the strength of your current password by typing it in the password field on FormSmarts' registration page. If the score reported by the strength meter is anything other than ‘good’ or ‘great’, change your password immediately.
Here is a password security check list to help you choose a new password:
- Passwords must contain a minimum of 8 characters, with a maximum of 100 characters. 10 characters or more is recommended.
- Do not use a password you already use on another site.
- Do not use simple passwords based on dictionary words or character patterns like 'qwerty' or '87654321'.
- MiX uPpER and loWercaSEs.
- Use numbers and special characters: ~!@#$%;(^_…
- Avoid obvious substitutions like '0' for 'o' and '1' for 'l'.
- Passwords may contain non-English characters (ñ, 美,…) if your browser allows them and whitespaces. Whitespaces are ignored at the start and end of a password.
To change your FormSmarts password now, visit this page.
- Do not use a password you already use on another site.
- Do not share your password with anyone.
- Ensure your password is not written anywhere where it could be accessed by a third party.
- Never click on ‘reset password’ requests in emails — instead go directly to the FormSmarts homepage and follow the password reset link on the login screen.
- FormSmarts staff will never ask you for your password.
- Turn on two-step verification.
If your forms are sent to multiple email recipients, please create a guest user account for each of them and only give individual users access to specific forms. Do not share your FormSmarts admin account credentials with others within your organization.
Use Two-Step Verification
We recommend you turn on two-step verification to increase the security of your account. Two-step verification adds another layer of security to the log in process and helps prevent unauthorized access to your account and protect the data you store with FormSmarts.
Two-step authentication is required for members with forms using the secure mode.
Ensure Forms are Submitted via a Secure Connection
To prevent form data from being accessed by a third-party when a form is submitted, make sure the FormSmarts.com URL or f8s.co shortened URL you share with form users starts with https. If you've embedded forms onto your website, check that the embed code you use on your site only contains HTTPS URLs.
With the current version of our forms, a grey padlock is displayed on the form when it is loaded and submitted with HTTPS.
HTTPS uses the SSL/TLS security protocol to ensure that:
- Information is encrypted while in transit to prevent snooping by third parties
- Information is indeed submitted to and retrieved from FormSmarts servers.
The current version of the embed code and form URLs given by the form builder use HTTPS by default, but that wasn't the case in the past.
Update the Form Embedding Code
If you created a form and added it to your site many years ago, the URL or embed code may not be using the HTTPS URL. You'll need to update your site to change this.
If the form you would like to secure is embedded onto your site, edit the FormSmarts code snippet as follows:
https:on line 2 (if
https:is already there, go to the next step)
- If needed, replace
httpson line 3
<style> … <iframe class="fs_embed" src="https://formsmarts.com/form/1o7f?mode=h5embed&lay=1" allowfullscreen="true"> <a href="https://formsmarts.com/form/1o7f?mode=h5">Can't see the form? Click here</a>. </iframe>
If the FormSmarts embed code you're using doesn't look like the one above, please switch to the current version of FormSmarts forms.
Use the Secure URL for Standalone FormsIf you want to share a form's FormSmarts.com URL or f8s.co shortened URL with your users so they use the standalone version of a form, simply change the protocol part of the URL from
https://formsmarts.com/form/1o7f?mode=h5The same applies to the shortened URL:
After implementing the changes discussed in the last section, all information transiting between form users and FormSmarts when a form is submitted will be exchanged using the standard secure protocol (SSL/TLS).
Data is always encrypted when you access form entries on FormSmarts or export entries to an Excel spreadsheet, however it might not always be when FormSmarts delivers email to your mail host.
Risks of Receiving Form Responses by Email
There are two risks associated with receiving form responses by email:
- The risk of someone accessing the content of the email while the message is in transit from FormSmarts to your email host
- The risk of someone getting access to the form entry if the email account of one of the destination emails of the form is compromised even years after the form was submitted (probably a far greater risk given that many people keep messages archived in their email account forever).
FormSmarts delivers email using an encrypted connection if supported by your mail host. Most mail providers nowadays support encryption, but if your email server doesn't, we will deliver form responses via an insecure connection.
For this reason and to address the second risk, you can set up yours forms to use the Secure Mode1. With FormSmarts Secure Mode, email notifications do not contain form data, but only a link allowing authorized users to access the form entry online after signing in to FormSmarts.
Data storage must be enabled with the Secure Mode. The data submitted is not shown in email notifications with the Secure Mode, so data will be lost unless data storage is enabled for that form.
The Secure Mode activates a number of other security features on FormSmarts. If you would like to set up a form with the Secure Mode, please contact us.
- The Secure Mode is only available with FormSmarts Business Max package and higher.