Does Jotform intend to improve security measures as time goes on?

Dear Jotform Support Team,

It's perhaps still some ways off, nothing is sure and you have other security measures in place, but I was wondering about for example the use of RSA 2048 encryption. I won't pretend to be an expert on the matter, but various sources do mention that RSA 2048 is expected to be safe until 2030. Does Jotform intend to move away from RSA 2048 and towards an alternative such as RSA 4096 encryption, or take other measures for security maintenance at that time?

I look forward to your response.

Hi Tijs,

Thanks for reaching out to Jotform Support. Jotform is committed to maintaining strong security controls and continuously improving them over time. Currently, Jotform uses 2048-bit RSA keys for encrypting form submissions and employs TLSv1.2 with SHA256/RSA encryption for HTTPS connections. We also use 256-bit SSL encryption to protect data in transit.

Our security measures include regular penetration testing, vulnerability assessments, and a bug bounty program to quickly identify and fix any issues.

Additionally, Jotform offers advanced security features such as form encryption with end-to-end encryption, two-factor authentication (2FA), and options for local data residency centers to comply with data privacy regulations.

Though there is no specific public timeline for moving to RSA 4096, Jotform ensures that all encryption and security protocols are kept up to date to protect your data effectively well beyond 2030.

Let us know if you have any other questions.

Hi Arslan,

Thank you for your answer, it has been informative. Would you be able to tell if Jotform has any plans to update to TLSv1.3 in the near future?

Hi Tijs,

Thanks for your follow-up question regarding Jotform's plans to update to TLSv1.3. Jotform is committed to maintaining strong and up-to-date security protocols to protect user data. While there is no specific public timeline available about the transition to TLSv1.3, Jotform continuously evaluates and updates its encryption and security measures to ensure the highest level of protection. This includes adopting newer protocols like TLSv1.3 when appropriate to enhance security and performance.

Jotform currently uses RSA 2048 encryption for its encrypted forms and has no publicly announced plans to move away from it. But, Jotform does continuously update its security measures and has introduced Encrypted Forms 2.0 for Jotform Enterprise, which includes end-to-end encryption and a form-specific password system, according to Jotform. This indicates a commitment to improving security and privacy, even if not explicitly replacing RSA 2048. 

Regardless of which plan you have, all of your forms are served across a protected 256-bit Secure Socket Layer (SSL) connection that uses a SHA256 Certificate. It's industry-standard protection. For encrypted forms, submissions are encrypted with high-grade RSA 2048 on our user's computers, and then transferred and stored securely on our servers.

Jotform’s data servers are co-located in a cloud-based architecture with Google Cloud and Amazon Web Services (AWS). Google Cloud data centers are hosted in Iowa (USA). AWS data centers are located in Frankfurt, Germany (EU), and Virginia (USA). Hosting Jotform on these major cloud platforms also provides us with some extra benefits using security-best practices in areas like hardware lifecycle management, physical security, and network infrastructure. Our servers are regularly updated and patched.

If you’re a Jotform Enterprise user, you can choose the physical location of your dedicated cloud server and host your data in any part of the world. This is especially important for complying with data privacy rules and location requirements in places such as Australia, Canada, the UK, and EU. Only users and admins within your Enterprise account will be able to access your data server.

We also have an article about Jotform Security Measures that you can check out.

Reach out again if you have any other questions.