Here to Help: Securing Your Form with CAPTCHA

Written by Jessica Haas on June 22, 2016

Posted in Here to Help, IT + Security

“Here to Help” is a support column written especially for Formstack’s awesome, loyal customers. This post is part of a four-post series on web form security.

If you’ve spent any amount of time on the Internet, you’ve likely come across CAPTCHA a time or two. CAPTCHA is basically a set of text or numbers that users are required to type correctly before they can take a certain action on a site (e.g., download an image or submit a form).

Formstack gives you the option to use CAPTCHA as another layer of protection on your secure forms. To learn more about this form security feature, read on as we take a closer look at form CAPTCHA:

Spam, Be Gone (Why You Should Enable CAPTCHA)

All Formstack forms have behind-the-scenes technology in place to help prevent spam. However, if you still see spam activity on your secure forms, you might want to enable CAPTCHA.

CAPTCHA is available on all paid accounts and gives another layer of protection to your forms. When enabled, CAPTCHA controls are placed at the end of your form to help deter would-be spammers.

CAPTCHA is not required for your forms to be secure online forms, but it’s a good option if you’re getting too many submissions that seem like spam.

Easy as Pie (How to Enable CAPTCHA)

To enable CAPTCHA on a form, follow these quick steps:

  • Go to Build > Form Extras (at the bottom of the options box on the left side of the screen).
  • Find “CAPTCHA,” and toggle it to “ON.”

Enabling CAPTCHA on Formstack's secure forms

Once form CAPTCHA has been enabled, it will be placed at the bottom of your form and look something like this:

CAPTCHA on Secure Online Forms

User Beware (Warnings about Using CAPTCHA)

Before you use CAPTCHA as a form security measure, make sure you understand the potential downside. Here are a couple reasons you may want to avoid using CAPTCHA on your secure online forms:

  • CAPTCHA typically doesn’t play well with Internet Explorer, particularly IE8 and IE9. This means the CAPTCHA can be hard for users to read if they are viewing your embedded forms on these browsers.
  • If CAPTCHA is enabled on your form, your form is not Section 508 Compliant.

For more information on Formstack’s other web form security features, click below to dive into part three of this security series.