The open lock icon symbolizes that in this state, when no respondent passwords exist, the questionnaire is unlocked, and anybody who knows the URL to the questionnaire can enter as many responses as he wishes.

Respondent passwords address the fundamental conflict between anonymity and security against manipulation of survey results.

If the questionnaire can be filled in by anybody who knows its URL, and at the same time respondents are anonymous, there is no guarantee against single respondents entering an extreme opinion multiple times with the aim of manipulating the survey results.

While it is possible to detect and correct this kind of manipulation by analyzing IP addresses, submission times, by using the "sorting by similarity" feature of the raw reports page, and finally, by deleting the invalid responses, it might be desirable to make this kind of attack impossible in the first place, without giving up the anonymity of respondents.

This can be done by using Respondent Passwords. The steps are:

	Generate respondent passwords for the survey you want to secure.
	Distribute the passwords to the respondents. Make sure that every respondent receives exactly one password, and make them available in a way that makes it impossible to trace who got which password, for example, by printing the passwords on separate pieces of paper and letting every respondent pick one password from an urn. To make sure that even the last one to pick a password is still anonymous, it can help to generate and print more passwords than there are respondents, and the last person to pick a password should witness the second-to-last one picking a password. That way, every respondent knows that not even someone who knows all passwords that were distributed had the possibility of tracking who ended up with which password.
	Once you have generated respondent passwords for a survey, the questionnaire is automatically locked. Only after entering a respondent password can the questionnaire be filled in, and it is impossible to fill in multiple questionnaires with the same password.

Creating new passwords is easy - just enter the desired number of passwords and click on the button.

If you want to unlock the questionnaire and make it again possible to answer without entering a password, delete all respondent passwords by clicking on the "Delete all passwords" button.

Click on the link containing the number of unused passwords to download them all in one text file.

The passwords are user-friendly: they are not too long (just 6 characters), and they don't contain any characters that look too similar, for example lower-case l, capital I, and the digit 1.