Here to Help: Securing Your Form with Invisible reCAPTCHA

Written by Jessica Haas on June 22, 2016

Posted in Here to Help, IT + Security

Post last updated on January 25, 2018.

“Here to Help” is a support column written especially for Formstack’s awesome, loyal customers. This post is part of a four-post series on web form security.

If you’ve spent any amount of time on the Internet, you’ve likely come across reCAPTCHA a time or two. reCAPTCHA is a CAPTCHA-like system created by Google. Instead of using a set of text or numbers that users are required to type correctly before they can take a certain action on a site, reCAPTCHA only requires people to click a checkbox to confirm they are human. Through machine learning and risk analysis, reCAPTCHA is able to determine whether or not a person is a bot.

Formstack gives you the option to use Google’s latest version of reCAPTCHA, which is called Invisible reCAPTCHA. This tool works invisibly in the background to prevent bots from flooding your submissions with spam. To learn more about this form security feature, read on as we take a closer look:

Spam, Be Gone (Why You Should Enable Invisible reCAPTCHA)

All Formstack forms have behind-the-scenes technology in place to help prevent spam. However, if you still see spam activity on your secure forms, you might want to enable Invisible reCAPTCHA.

Invisible reCAPTCHA is available on all paid accounts and provides another layer of protection for your secure forms. When enabled, this tool works behind the scenes to help deter would-be spammers. People are not required to complete image or audio CAPTCHA puzzles unless they are flagged as suspicious.

reCAPTCHA is not required for your forms to be secure, but it’s a good option if you’re getting too many submissions that seem like spam.

Easy as Pie (How to Enable Invisible reCAPTCHA)

To enable reCAPTCHA on a form, follow these quick steps:

  • Go to Build > Form Extras (at the bottom of the options box on the left side of the screen).
  • Find “Invisible reCAPTCHA,” and toggle it to “ON.”

secure forms

User Beware (Warnings about Using Invisible reCAPTCHA)

Before you use reCAPTCHA as a form security measure, make sure you understand the potential downside. Here are a couple reasons you may want to avoid using reCAPTCHA on your secure online forms:

  • reCAPTCHA does not work very well if you are using an old or outdated browser. For best results, please follow Google’s browser recommendations.
  • If you enable reCAPTCHA, your form will no longer be compliant with Section 508 or WCAG standards.

For more information on Formstack’s other web form security features, click below to dive into part three of this security series.