Password-Protected Student Self-Assessments with Google Forms

I was having a conversation with a colleague, James Little (@jamolittle), a few days ago about how we can use Google Forms for self-assessments. I mentioned that I've seen teachers use them for self-assessment in lots of different subjects (eg. Literacy, Physical Education, Science, Drama, etc).

  • Students have access to a Google Form that the teacher has built
  • The select their own name
  • They fill out the self-assessment questions on the form and hit submit

The issue is that there is no guarantee that students will select their own name! Either by accident or on purpose, a student could select another's name and report on them.

Now, this does not necessarily have to be an an issue if you are collecting email addresses as you will see that the username does not match the name of the respondent. However, if you are using an Add-on like docAppender ( to push self-assessments back to the student, there is a chance students could receive the wrong (and potentially hurtful) comments.

By using Data Validation in Google Forms, this issue is solved!

When students click on their name in the form, they are automatically pushed to a page that requires a password before they continue. 

This will ensure that students' self-assessments are their own.


Today, I received an email from A.M. Heijboer. I learned that this workflow with Google Forms is not truly "password-protected". In Chrome (and likely in other browsers too), anyone is able to click on View -> Developer -> View Source.

This allows you to see the code behind the webpage. When looking at the source code, you can scroll down and see the original regular expression that the Form is looking for as the student's password.

If the form's audiences is restricted to members of a G Suite for EDU domain, then the chance of someone knowing it is possible to find the password in the webpages source code is far less likely but it should be noted that it is possible. Although this is not a significant risk, those using 'regular expression' as data validation should know that this can happen.

If forms are shared publicly, there is more of a chance someone will know to look for this.

Therefore, it would be digitally responsible to use a different password than the one used to log into the student's Google account so that if someone does uncover the password, they cannot access the student's account.
tutorial 2739067853113924599

Post a Comment

  1. hello im a blogger too...i found out your blog on google,its a nice blog, full of information and i like to read your article, keep work.. would you mind to visit my blog too and give some suggestion to improve my blog.. this is my blog address :
    Judi Online



Home item

Share and +1 on Google+

Follow by Email

Tweetin' About:

Popular Posts

Recent Comments