In 2022, the data of over 422 million individuals was impacted by data breaches.
This unfortunate reality doesn’t sway us. In fact, it’s what drives us to be focused (you might even say obsessive) about providing the highest level of security for your forms and accounts.
Today, we’re proud to introduce the next evolution of form security with Encrypted Forms 2.0.
There are unlimited purposes for forms, and each form contains its own kind of data — but all of it is sensitive and worth protecting. Encrypted Forms 2.0 delivers enhanced protection with
- More security: End-to-end encryption (E2EE) guards against unauthorized access and ensures data hasn’t been interfered with during transmission.
- Improved performance: Better performing encryption and decreased decryption times mean faster and more reliable access to your submissions.
- Better usability: Using a password — instead of a key file — to encrypt submissions is more intuitive; plus there’s a more engaging user interface.
What is form encryption, and why is it important?
Whether you’re a pro with forms or just a newbie, it might be helpful to get an understanding of form encryption and why E2EE is important when it comes to protecting your information.
Put simply, an encrypted form is one where the user’s responses are transferred and stored in an encrypted format. They are encrypted in the web browser of the person filling out the form and can’t be viewed by anyone else at any time (unless they have the encryption key or password).
With end-to-end encryption — the technique we’re now using — data is encrypted on the sender’s device and decrypted on the recipient’s device, so no one has access to the unencrypted data in between.
Generally speaking, encryption helps protect sensitive data such as passwords, personally identifiable information (PII), credit card or banking information, and more.
| Before | After |
|---|---|
| Encryption 1.0: asymmetric encryption, two keys to encrypt and decrypt data | E2EE 2.0: symmetric encryption, simplified by a single password to encrypt and decrypt data |
| Account based: all forms in your account encrypted with the same key | Form based: each form has its own password, increasing security across all forms |
| File-based key downloads that need to be stored | Passwords |
If you’d like to learn more about Encrypted Forms 2.0, join our webinar happening on August 3 at 11 a.m. (PT).
How to use Encrypted Forms 2.0
Ready to get next-level protection for your encrypted forms? Don’t worry; setting this up is simple.
To encrypt your forms, go to the Settings tab in the form builder (note: you can also select Form Encryption from the More dropdown on the My Forms homepage). The third option on the page is Encrypt Form Data. Switch the toggle to “yes.”
First, verify that it’s indeed you who wants to encrypt your form data. This is in the event that your device/browser is open, in a public/crowded space, or for other similar reasons. It’s an extra step to deter others from gaining access to your data.
You can verify it’s you by signing into your Google account; using our other login options, such as Microsoft, Facebook, or Apple; or entering your account password.
Next you’ll set your encryption password. This is the one and only password you’ll use to access your encrypted data later on, so be aware that if you lose your password, you’ll lose access to the data for that form (we can’t recover it for you). Your password must be a minimum of eight characters.
Click Enable Encryption to finish setting up your encrypted form.
When you preview your form, or send it out for submissions, you’ll notice that an Encrypted Form badge appears in the bottom right.
Checking your submissions in Jotform Inbox & Jotform Tables
To check your encrypted form data, either click View Submission in your notification email, or visit Jotform Inbox or Jotform Tables for that form.
In both interfaces, you’ll first be greeted with a prompt to Access Your Encrypted Form. This is where you enter your encryption password. Once entered, click the green Access button.
At this point you can view your unencrypted form data.
If you happen to be using your computer in public, or for some other reason would like to encrypt your submission while viewing it in your inbox or table, simply click the Encrypt Entries button on the top right of the screen.
Upon clicking, the interface will show the submission again but in the same format you first encountered.
What to be aware of when using encrypted forms
Encrypted forms are a smart way to ensure the security of your data. However, you should be aware that some Jotform features are incompatible with form encryption.
Mainly that’s because E2EE encryption occurs on your very own computer/device/kiosk or wherever your forms are filled out. As a result, Jotform doesn’t have access to the decrypted data, which is necessary to carry out the proper functionality for these products/features.
Here’s a list of the features that have limited functionality or are incompatible with Encrypted Forms 2.0:
- Jotform Sign. The automation portion of Jotform Sign (digital certificate, audit log, etc.) can’t be generated with encrypted forms. However, the basic signature element in the form builder is compatible with Encrypted Forms 2.0 as long as Jotform Sign automation isn’t enabled.
- Third-party integrations. Payment gateways, however, do still work.
- Save and Continue Later
- Change Email Recipient condition
- Jotform Approvals
- Autoresponder emails. However, notification emails (with standard, non-customizable content) will be sent to form owners.
- PDF downloads. The data in the PDF Editor can still be viewed and printed.
- Report Builder and form reports. Excel, Grid Listing, HTML Table, RSS, and Calendar reports are available.
Did you know
A word about HIPAA. Forms that enable HIPAA compliance are automatically encrypted, though the type and method of encryption differs from Encrypted Forms 2.0. If you’re a healthcare organization and interested in learning more, check out our HIPAA features.
If any of the platform features mentioned above are crucial to your workflow needs, don’t fret! There are still ways to ramp up the security of your data without losing the tools you need to get your job done.
Whether you encrypt your forms or not, we’ve included some best practices for better privacy and data security:
- Use password protection to limit access to your forms.
- Password managers: Use a password manager like 1password or Bitwarden to securely manage the 100 passwords the average person has these days! 😬
- In the Publish tab of the form builder, update the Access Settings to Private. This way, only people who are invited can access your form.
- If you’re on a Jotform Enterprise plan, you can add multiple users to your account to stay in control of your data and/or use single sign-on (SSO) — where users have to be authenticated before they can view your form.
- Always use strong/complex passwords, and be aware of who has physical access to your devices.
- You can learn more about how we secure your forms and accounts by checking out the chapter “How to secure your forms” in Jotform for Beginners.
For those who have been using the existing encrypted forms feature, be advised that this new version of encryption will only apply to forms you create moving forward. Any forms using the prior version of encrypted forms (and that received submissions) will continue using the prior version.
In the past, it was possible to set form encryption as a default for all forms via the Account Security page. For those users who employed this setting (and only those users), your forms will continue using the old version of the feature for existing and new forms, until you uncheck this option.
Encrypted Forms 2.0 and the final word on security
We’re always “banging the drum” about security because we take your trust in us very seriously. It’s why no matter what your needs are, we’re committed to delivering industry leading data security and form encryption.
Encrypted Forms 2.0 is the latest step along our journey, offering you next-level protection through end-to-end encryption and better reliability through faster processing times and a revamped user interface.
Finally, we have an Encrypted Forms 2.0 help guide for more step-by-step instructions and resources. Stay safe out there!
Send Comment:
7 Comments:
249 days ago
From this encrypted 2.0, how are we going to decrypt now all the data that was collected on jotforms API?
258 days ago
I just saw the announcement about Encrypted Forms 2.0, and I couldn't be more thrilled! This is a significant step forward in enhancing our data security and privacy, especially in a time where online privacy is more important than ever.
It's great to see that the team has been working hard to provide us with an upgraded version of the Encrypted Forms platform. The fact that our form submissions will now be even more secure with advanced encryption measures is a huge relief. I appreciate the dedication to keeping our sensitive information safe from any potential threats.
275 days ago
The link to the Encrypted Forms 2.0 help guide is giving me a 404 error. Can you fix?
276 days ago
De qué se trata eso
277 days ago
Please cancel my subscriotion. I am not able to use your service anymore
277 days ago
What happens when we forget the access code? Do we have to delete that form and start a new one?
277 days ago
Thanks for this helpful information. However, I am having a hard time understanding why I even need the HIPAA compliant version for PHI when you are now able to use end to end encryption for forms on the free version.