Password Protect PDF

How to Password Protect a PDF File with Adobe & why it is Not Secure


Password protecting PDFs

PDFs are a popular and convenient choice that millions use as a file format for distributing images and text in a consistently reliable display format.  Since this type of document can be opened on practically any operating system or platform without any change in the fonts, format and layout on screen and in print, it continues to stay relevant for personal and professional use.

For security and confidentiality, PDFs can be password protected to restrict the viewing of the content only to selected users (only users with the correct password can open them), or they can be secured by modifying the permission settings to prevent modification of the file contents and printing.  However, Adobe password protection has multiple weaknesses – password protected PDFs can be shared with others and permissions instantly removed.

  Types of Adobe PDF Passwords


Adobe was the earliest pioneer in producing PDF documents, and over the years, they added a number of security controls to help secure PDF documents from misuse.  During the early versions of PDF documents, security in the form of access controls or continuing use controls was not supplied, mainly because the most significant characteristic of Adobe PDF documents was to ensure that what was displayed on the screen or on a printed copy was identical, irrespective of the operating system or printing device being used.

The earliest security controls introduced by Adobe in their PDF documents were passwords, and it quickly became the most popular access control mechanism over the years due to the fact that passwords are a common form of access control in other systems.  PDF documents can also be digitally signed to ensure that if document contents are tampered with then users are alerted to this fact.

Currently, Adobe provides simple security to password protect PDF files – this enables the creator to limit access to the PDF file and/or restrict specific features, such as editing the document or printing it.  However, the document owner cannot restrict or prevent the saving of numerous copies of the same PDF (not good news if a password has been shared or broken), revoke it if it has been misused, or expire it after a certain amount of time.

Adobe has two levels of security to password protect a PDF:

  • Document open password

    Also called the user password or owner password, controls who can open the PDF document.  The user needs the specified, correct password to open the document.

  • Permissions password

    Also known as the master password.  This password controls what users can do with a document – whether they can edit and print it, etc.  When a permissions password is set, the recipients of the document are not required to type in the password in order to open the document.  If, however, the controls to restrict editing need to be reset or changed, the permissions password must be typed in.

If the creator of the PDF document secures the PDF file with both types of passwords, the document can be opened with either password.  However, for the user to modify the restricted features, the permissions password must be entered.

Given the added security, it is often seen that setting both types of passwords is beneficial in securing the content of the document.  However, the Permissions password can be easily removed by freely available PDF password remover applications which attack the weak implementation of the Adobe PDF Security Handler rather than the password itself.  Adding permissions to restrict editing and printing is therefore worthless.

With the help of the permissions password, restrictions can be enforced on Adobe PDF files.  However, if these settings are not supported by third-party products, recipients of the document will be able to find a way round some or all of the restrictions set by the creator.  In addition, most freely available password removal programs can remove the restrictions password in seconds due to its poor implementation.

The document open password is more secure, and it is important to understand that if the password is forgotten or misplaced, it cannot be recovered from the PDF without using a PDF password removal tool.  As a result, Adobe recommends maintaining a backup copy of the PDF document without password controls.

Password protection can be added to PDF files when they are first created or after they have been created.  You can also password protect PDFs that you have received from somebody else, unless the originator of the PDF file has laid restrictions on who can modify security settings (but these can be easily removed by freely available password remover programs).

  How to remove the open password from a PDF


To remove the open password from a PDF document, you must first enter it; only then can the password security controls be removed from the PDF.

If the PDF document is controlled with a server-based security policy, it can be changed only by the server administrator or the author of the policy.

If you don’t know the password, a PDF password remover tool can remove the open password, especially if short and/or weak passwords have been used.  You can find more info on cracking password protected PDF files here.

  How to password protect a PDF file using Adobe Acrobat



Adobe Acrobat offers various solutions to secure PDF files in the form of using passwords, redacting classified data from text, and automating security tasks when the file is opened.  More secure and expensive solutions use Rights Management controls rather than passwords, but users must be known to the system. This is because it works in the traditional PKI manner, with users’ public keys being used to encrypt documents.  The Adobe rights management system is aimed at internal company use, where users are a known entity.  If you are trying to sell a PDF document, for example, it would be unreasonable to ask the user for their public key first before they could receive it.

To password protect a PDF file in Adobe Acrobat:
  1. Click ‘File’, which is on the top horizontal toolbar.
  2. Select ‘Open’ by scrolling down the drop-down list.
  3. Using the file browser window, select the PDF file you want to password protect.
  4. Press the ‘Protect’ button on the right-hand side.
  5. Press ‘Advanced Options > Encrypt with Password’ in the top bar.

Look for the PDF password security dialogue box when it comes up.  Determine the choices you would like to take as to the levels of security you are seeking to use:

  • In the ‘Document Open’ and ‘Permissions’ sections, you can also choose whether you wish to enter a password only for opening the file (PDF owner password) or a password for making modifications to the content (PDF permissions password).  If you choose to select the option of using a password only for opening the PDF document, go to the first option and type in the password of your choice.
  • If you are looking for ‘added security’*, that is, you need a password to prevent unauthorised editing, go to the ‘Permissions’ section and change ‘Printing Allowed’ and ‘Changes Allowed’ to ‘None’ or ‘Low resolution’ in the dropdown.  Also make sure that ‘Enable copying of text, images and other content’, and ‘Enable text access for screen reader devices for the visually impaired’ are unticked.
  • In the ‘Options’ section, click the dropdown next to ‘Compatibility’ and choose the version of Acrobat you think your readers are likely to use. Be aware that Adobe Acrobat 6 uses 128-bit RC4 encryption, which is not as secure as AES.  You can also decide whether to encrypt all document contents or leave metadata unencrypted.
  • Once you have made your selections, click ‘OK’.  You will once again be asked to confirm your password before the changes are permanently saved.

Now the PDF document you have created is password protected.  Any user who intends to use it must have the password you have created in order to read, modify or print the document.

If you have applied just a permissions password, you and other users will not need to enter the password in order to open the PDF file.  However, if you intend to make modifications to the permission settings for the PDF file, you will need to enter the password that you had initially created.

While saving the PDF document, it can also be saved as a certified document.  Doing so will add an invisible certifying signature that increases the assurance level that the document’s integrity and authenticity are preserved, since any change to the file invalidates the signature.

*Note:  we mentioned ‘added security’ when applying a permissions password.  The reality, however, is that this can be easily removed by free PDF Password Removal software.  You are not really adding any additional security here.
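To check which of these settings a protected PDF actually carries, the following added example (not Adobe's or Locklizard's code) reads the `/Encrypt` dictionary and reports the cipher, key length, denied permission flags and whether metadata is encrypted. The two PDF fragments are constructed samples and the function and constant names are assumptions of this example; it handles only the usual case where the trailer references the dictionary as an indirect object.

```python
import re

# Bit positions (1 = least significant) of the /P permission flags in the PDF standard
# security handler. A cleared bit means the action is denied.
PERMISSION_BITS = {
    3: "print",
    4: "modify contents",
    5: "copy or extract content",
    6: "add or modify annotations",
    9: "fill in form fields",
    10: "extract text for accessibility",
    11: "assemble document",
    12: "print at high resolution",
}

# Constructed sample: 128-bit RC4 with every permission denied.
SAMPLE_RC4 = b"""%PDF-1.5
7 0 obj
<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904 /O <00> /U <00> >>
endobj
trailer
<< /Root 1 0 R /Encrypt 7 0 R >>
"""

# Constructed sample: AES-128, printing allowed, metadata left unencrypted.
SAMPLE_AES = b"""%PDF-1.6
9 0 obj
<< /Filter /Standard /V 4 /R 4 /Length 128
   /CF << /StdCF << /CFM /AESV2 /AuthEvent /DocOpen /Length 16 >> >>
   /StmF /StdCF /StrF /StdCF /P -1340 /EncryptMetadata false /O <00> /U <00> >>
endobj
trailer
<< /Root 1 0 R /Encrypt 9 0 R >>
"""

def _int(body, key, default):
    """Read an integer entry such as /V 4 or /P -1340 from the dictionary body."""
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", body)
    return int(m.group(1)) if m else default

def audit_pdf_encryption(pdf):
    """Return cipher, key size, denied permissions and findings, or None if not encrypted."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if not ref:
        return None
    obj = re.search(rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2)
                    + rb"\s+obj(.*?)endobj", pdf, re.S)
    if not obj:
        return None
    body = obj.group(1)
    v = _int(body, b"V", 0)
    cfm = re.search(rb"/CFM\s*/(\w+)", body)
    cfm = cfm.group(1) if cfm else b""
    if v in (1, 2):
        cipher, bits = "RC4", (40 if v == 1 else _int(body, b"Length", 40))
    elif v == 4:
        cipher, bits = {b"AESV2": "AES", b"V2": "RC4"}.get(cfm, "unknown"), 128
    elif v == 5:
        cipher, bits = "AES", 256
    else:
        cipher, bits = "unknown", 0
    p = _int(body, b"P", -1) & 0xFFFFFFFF  # /P is a signed 32-bit integer
    denied = [name for bit, name in PERMISSION_BITS.items() if not (p >> (bit - 1)) & 1]
    metadata_encrypted = not re.search(rb"/EncryptMetadata\s+false", body)
    findings = []
    if cipher == "RC4":
        findings.append("RC4 in use: pick an AES compatibility level instead")
    if denied:
        findings.append("restrictions are flags a reader is expected to honor")
    if not metadata_encrypted:
        findings.append("document metadata is left unencrypted")
    return {"cipher": cipher, "key_bits": bits, "denied": denied,
            "metadata_encrypted": metadata_encrypted, "findings": findings}
```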

   How to password protect a PDF file without Acrobat

If you don’t want to use Adobe Acrobat, you can use an online tool or download an app like PDFEncrypt.  Downloaded software is more secure since you don’t have to upload unprotected files to an unknown server where they could be compromised.  However, be cautious about the app you use.  We chose PDFEncrypt because it is free and open source.

Here’s how to use PDFEncrypt to password protect a PDF file without Acrobat:

  1. Open PDFEncrypt.
  2. Press the three dots next to “Choose a file to encrypt”, browse to your PDF, and open it.
  3. Press the three dots next to “Choose a destination”.  Browse to where you want to save the encrypted PDF, and press “Save”.
  4. Enter the open password for your PDF or generate one using the button.
  5. Press “Encrypt” to protect the PDF.

  Other programs to protect PDFs

Most PDF writer applications provide PDF password security along the lines of Adobe Acrobat.  See PDF password protection to protect PDF files.

  Why should I use passwords to protect my PDF files?


Passwords are commonly used by millions of PDF users.  Protecting PDF files with the use of passwords can ensure that even if the file is misplaced or lost, the content in the PDF document will not be accessible to any other individual.  That is, unless the password has been shared with them.  Using passwords to protect your PDF files can therefore be a ‘safe’ way of ensuring that data within the file is secured.

If you distribute or upload to a web site a non-protected and unsecure PDF document, you are exposing your document to anyone that can access and download it.  To prevent this from happening, you can password-protect PDFs, ensuring that your PDF document is available to those that have been given the password to open it.  Note however that this is not fool proof – you still have to trust authorized users not to share the PDF and the password with others.

  WARNING: PDF Passwords are easily removed

If you use passwords to secure PDF files, you may not be getting adequate security since they can be easily hacked into with the help of the numerous PDF hacking tools and password crackers (PDF Password Recovery software) available on the Internet.  PDF files that are password protected are easy to hack into and open if weak passwords have been used.

Without a strong password, you might as well not bother password protecting the PDF to begin with.  A strong password is one that is of a decent length (say 16 characters or more) and is made up of mixed case and non-alphanumeric characters.  However, these types of passwords can be cumbersome to manage, so it is important that the password used to protect the PDF file is maintained safely for future use, in the event that it is forgotten at any given point in time.

If you are thinking of relying on the permissions password to prevent PDF copying, editing, printing, etc. then don’t.  This can be removed in seconds using password recovery software.

Most companies opt for the cheapest solution to protect their PDF files (PDF password protection).  As a decision maker in a critical situation concerning sensitive data, opting for any basic version of PDF protection software is not particularly a good idea.  It is unlikely to have the level of security, features and type of security required for complete document protection.  Adobe password protection does not prevent sharing, editing, copying or printing because the restrictions are simple to remove.  If you are seeking effective and robust protection you will need to use alternative solutions to protect PDFs that do not use PDF password protection.

  The Importance of using strong PDF Passwords


Passwords are as important as physical keys to a safe or property – they are digital keys that protect your files and the data contained in them.  It is therefore important to ensure you have used adequate security measures. Otherwise, unauthorised users will be able to access your passwords and therefore the contents of your PDF files.

In order to maximize the effectiveness of passwords, users must apply good practice such as avoiding the use of the same password on multiple PDF files.  If this is not done, it creates a single point of failure, which means that if a hacker is able to retrieve information from one PDF document, he can easily gain entry to all the documents.  In addition, users must exercise extreme caution when storing or making a note of passwords.  Obtaining passwords through ‘dumpster diving’ or ‘shoulder surfing’ is highly plausible in an office environment, which is why great care must be taken while devising and storing passwords.

To add more security when protecting your PDFs with a password, it is important to ensure that the password is substantial, with at least sixteen characters and a mix of lowercase as well as uppercase letters, including symbols and numbers. Using special characters, punctuation and digits will enhance the strength of the password significantly.  While adding password protection to PDF files it is important to remember that the password will be shared with others who are authorized to open it.  So, do not use any passwords from your personal accounts.

Different PDFs containing important information and confidential data should have different passwords for every file and not a word that can be easily guessed.  If the password is difficult to memorise or remember, it can be written down and stashed away in a safe place outside the computer.

IT experts recommend that PDF passwords should be changed several times during the course of usage and transmission.  For example, if a PDF has to be sent to numerous users, a unique password must be employed for every user, as a single password sent to all users can be easily compromised.  However, this means protecting the PDF separately for each user, which is cumbersome and time-consuming.  Not to mention having to keep a record of all the passwords in use for each user.   The reality is that using unique passwords for each password protected PDF is unlikely to happen as it introduces a management overhead that is costly to maintain.

  Using Strong Passwords to protect PDF files

Educating employees about the significance of using strong passwords to protect PDF documents is a fundamental step in ensuring that passwords are the first line of defence for document security.  It is imperative that employees are made to regard their passwords in the same manner they would protect their personal information or physical keys.

It is important that employees avoid creating weak passwords that have the following features:

  • Actual name of the user, surname or organisational name.
  • An easy to guess dictionary word; using dictionary words is a bad idea because PDF password removal programs target common words located in a dictionary to attack the system.  These are referred to as ‘dictionary attacks.’
  • Words such as ‘password’, ‘123456’, ‘ABC’, ‘XYZ’ etc. are extremely common and easy to guess.
  • Some letter substitutions, such as using ‘!’ instead of ‘I’ or ‘$’ in place of ‘S’, can also be easily guessed.
  • Passwords that have been written on a piece of paper and irresponsibly maintained.
  • Common passwords for a number of people.

Some common tricks that can help make passwords stronger as well as memorable, include:

  • Making use of entire passphrases or sentences as passwords.
  • Using only the first letter of every word of a popular passphrase or a quote, such as NitMoI! (Necessity is the mother of invention!)
  • Stringing together simple and short words and tying them with symbols or figures, for instance ‘Sea+7+blue’
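The weak-password features listed above, together with the sixteen-character guideline and the advice to give every recipient a different password, can be enforced before a PDF is protected. This is an added example, not code from Locklizard or Adobe; the word list, the extra substitutions (`0`, `@`) and all function names are assumptions of this example.

```python
import re
import secrets
import string

COMMON = {"password", "123456", "abc", "xyz"}           # examples named in the list above
SAMPLE_WORDLIST = {"invoice", "summer", "dragon"}       # constructed stand-in for a real dictionary
# '!' for 'I' and '$' for 'S' come from the list above; '0' and '@' are added assumptions.
SUBSTITUTIONS = str.maketrans({"!": "i", "$": "s", "0": "o", "@": "a"})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def weak_password_reasons(password, names=(), wordlist=SAMPLE_WORDLIST, issued=()):
    """Return the reasons a candidate PDF password is weak; an empty list means it passes."""
    reasons = []
    lowered = password.lower()
    if len(password) < 16:
        reasons.append("shorter than 16 characters")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        reasons.append("missing lowercase, uppercase, digit or symbol")
    if any(name.lower() in lowered for name in names if name):
        reasons.append("contains a user or organisation name")
    # Undo simple letter substitutions, then compare the remaining letters to the lists.
    letters_only = re.sub(r"[^a-z]", "", lowered.translate(SUBSTITUTIONS))
    if lowered in COMMON or letters_only in (wordlist | COMMON):
        reasons.append("common password or dictionary word")
    if password in issued:
        reasons.append("already issued for another file or recipient")
    return reasons

def issue_unique_passwords(recipients, length=20):
    """Generate one random password per recipient that passes every check above."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    issued = {}
    for recipient in recipients:
        while True:
            candidate = "".join(secrets.choice(alphabet) for _ in range(length))
            if not weak_password_reasons(candidate, issued=issued.values()):
                issued[recipient] = candidate
                break
    return issued
```

The resulting mapping still has to be stored and delivered safely per recipient, which is the management overhead described earlier.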

  Secure alternatives to PDF Password Protection


Using passwords to protect PDF documents that contain classified or sensitive information is no longer relevant in today’s highly advanced technological world. Password protecting Adobe PDF files does not prevent sharing since users can just share the password with the PDF or enter and remove it before sharing an unprotected file.

PDF documents that have been password protected where the password is not known, can be easily unprotected with the help of simple and free PDF password cracking solutions (PDF Password Recovery software) available on the Internet.  Document restrictions to prevent editing and printing (those ‘protected’ with the permissions password) can be removed in seconds, and document open passwords can take minutes, hours, or days depending on the length and complexity of the password.

The best way to ensure that your sensitive data in your PDF documents remains protected is to use high-level strength encryption methods such as public key technology, secure and transparent key transmission, and encrypted key storage.

Locklizard is the leader in PDF document protection software and uses US AES encryption, public key technology and Digital Rights Management to protect PDFs beyond simple passwords.  Our PDF DRM protection is used worldwide by information publishers to secure PDF files against unauthorized access and misuse.

Safeguard PDF Security protects PDF files with AES encryption without the use of passwords, ensuring your protected PDF files are not exposed to simple security weaknesses.  Our secure PDF Viewer software and web based licensing system transparently manages decryption keys so there are no passwords to enter or manage.  PDF files are locked to specific devices so they cannot be shared with others, and the document owner can expire and revoke documents at any stage, enable offline use, apply dynamic watermarks, stop printing, and prevent screen grabbing of content.

In conclusion, securing your sensitive PDF files with passwords is not a sensible option, given the number of ways in which password protected PDFs can easily be cracked and the time required to manage each password.  If you are serious about securing PDF files then look for a PDF DRM solution that does not rely on passwords.

  FAQs

How do I password protect a PDF file for free without Adobe Acrobat?

There are numerous online tools that let you password protect a pdf for free.  Just typing in “protect pdf with password” on Google will get you a ton of sites.  It’s worth noting, however, that although these tools aren’t Adobe Acrobat, their protection functions in a similar way (using passwords) – meaning it can be easily bypassed or removed.

How do I send a password protected PDF securely?

If you’re just looking to protect your PDF from interception (in transit), apply a unique, secure password with software like Acrobat and send the file as usual.  Communicate the password to the recipient either in person or through a different communications medium/encrypted message.

Of course, you still need to trust that the recipient will not share your document.  Also, once decrypted it is trivial to remove Adobe editing and printing restrictions and remove the open password.

Why can’t I password protect my PDF?

It may be because the PDF is already password protected.  Check the security properties of your Adobe Reader application to ensure this isn’t the case.

Does password protecting a PDF encrypt it?

Yes.  However, the decryption key is locked behind a simple password.  Passwords are more likely to be guessed, shared, or otherwise compromised than other encryption and decryption methods.

How strong is PDF password protection?

Not very strong at all.  While the 128-bit or 256-bit AES encryption algorithm used is strong, tying it to a password is a bad idea.  As well as being able to be guessed or brute forced, passwords can be shared with unauthorized users to give them access to the document.  And, once the document has been opened, the password can be easily removed anyway.

So, PDF password protection is only strong if you a) use a strong password and b) trust the recipient completely.

Can a password protected PDF be tracked?

There are various plugins that let you protect a PDF with Acrobat and then track its use, but these plugins typically represent a security risk.  Most require you to enable JavaScript in the document to work or turn off security in the document, opening users to malware.  Others can be overruled by a plugin by a different manufacturer or just break every time there is an Acrobat update.

Cloud-based systems that protect PDF files so they can be viewed in a browser require entry of login credentials, which can be easily shared, so you have no idea who you are really tracking.

Bottom line, then – the best tracking is found in a PDF DRM solution like Locklizard Safeguard, which does not allow third-party plugins and can effectively prevent printing, editing, copying, screen grabbing, and more. It locks PDF files to devices so they cannot be shared, and there is no password for users to enter or share with others.  Safeguard Enterprise PDF can track each open and print, creating a log of the email and IP address so you can easily identify the user.

Where are PDF passwords stored?

Permissions passwords are stored within the PDF itself and do not use encryption – instead relying on PDF reader applications to honor the password.

On the user side, PDF passwords can be stored anywhere.  In the best-case scenario, complex passwords will be stored in the recipients’ brains and not written down anywhere at all.  Realistically, though, the best you can hope for is that they’ll be stored in a password manager (which represents a single point of failure).  Likely, you’ll find them on post-it notes and plaintext files instead, which represents an even greater security flaw.
