Why passwords fail to make PDFs uneditable & how to make a PDF non editable without passwords
While PDF password protection software claims to make your PDF files uneditable, the security can be easily removed and is therefore useless. Here we cover why and better ways to protect your documents which are more suited to a business environment.
When Adobe created the PDF format in 1992, it was created solely as an easy way to share documents. There was seemingly little thought as to how the format would develop, or, more specifically, what the needs of future businesses would be.
In the years since, Adobe has naturally tried to address these shortcomings by providing the ability to add open and edit (permission) passwords to PDF files. However, this is unfortunately a band-aid fix. As Adobe itself tells you when you add a permissions password, some third-party PDF readers do not respect these settings. Bypassing editing protections is therefore as easy as opening the PDF in another app.
So, if the protection of the format’s creator is useless, what hope is there? As it turns out, quite a lot. Adobe’s failure in this area is not due to technical impossibilities, it’s just that Adobe Acrobat is not a security solution. It is first and foremost a PDF editor and reader.
By utilizing the right third-party, purpose-built PDF protection software or tool, you can create a non editable or read-only version and stop editing. Emphasis, however, must be put on the right part of that sentence. There are many pitfalls and snake oil products that you’ll need to be aware of if you want to achieve true PDF security.
Basic password protection
The first category of PDF security tools is what we can call PDF password protection software. They use two types of passwords:
- The open password – required to open the PDF
- The permission password – required to print and edit the PDF
If a user knows the open password, the permission password can be instantly removed – either bypassed by using a different app or by uploading to a free PDF password removal service, which removes the document’s permissions in seconds.
So the permissions password (used to prevent users from removing editing restrictions) is totally useless, and adding an open password does not necessarily stop unauthorized users from gaining access to protected PDFs either:
- Authorized users can remove the password or share it with others, along with the document
- Passwords can be cracked using dictionary or brute force attacks if they are not long and complex
Because of these flaws, it’s best to just avoid password security entirely, if you can. Passwords have never stopped intentional sharing, copying and editing, and they likely never will. This makes data rooms, Microsoft Word password protection, secure document portals, etc. all inadequate in a business environment.
Document collaboration platforms
Document collaboration platforms may seem like the perfect choice for sharing non editable PDF files at first glance. While yes, access is granted via a username and password, they often bundle features like two-factor authentication or do away with passwords entirely via a separate authenticator app. You can then share your document via a link that has editing permissions removed.
Sadly, this isn’t as effective as it might appear. Firstly, an authorized user can grant access to an unauthorized one by simply performing the authentication for a remote user. This is broadly true for all cloud platforms, including Adobe document cloud security. It is then possible to easily remove the editing controls because web-based controls are inherently exploitable.
Ultimately, then, anybody who is given access to a document, whether it’s on a document collaboration platform or via a cloud storage service, will be able to duplicate it to another document and edit it with minimal effort.
How to prevent PDF editing without passwords
If you want to stop unauthorized editing and sharing, then you need to avoid passwords and web browsers entirely so that there is nothing to share and less that can be manipulated. There are a few ways of doing this (for example, biometric authentication), but these methods can usually be bypassed if an authorized user authenticates for an unauthorized one. To prevent this, you need a solution:
- That uses strong encryption
- Has transparent and secure key management in replacement of passwords
- Locks PDF to devices so that they cannot be transferred from one computer to another
- Provides strong anti-copying, printing, and screenshot controls to prevent editing via duplication to a new document and use of optical character recognition tools.
- A secure implementation that cannot be easily bypassed
- Dynamic watermarks to identify user screenshots and scans, should you allow them
Essentially, then, to make a PDF non editable and enforce those restrictions, you need a digital rights management (DRM) solution.
How to make a PDF uneditable or unmodifiable with Safeguard DRM
Locklizard Safeguard DRM uses a combination of encryption, secure licensing, and document controls to ensure that documents cannot be edited regardless of who is using them and where they are stored. These controls are simple to apply, and access and license distribution are managed via a central portal.
Here’s how you make a PDF uneditable with Safeguard from start to finish:
- Right-click the PDF in File Explorer and select “Make secure PDF”
- Protect the PDF from copying by ticking the relevant controls. We recommend that you add a watermark to discourage sharing. Safeguard creates permanent dynamic watermarks that identify users.
- Locklizard PDF will automatically protect a PDF from copying text and images, but you may want to take additional steps to protect your PDF from screen capture. Without screen capture protection, a user can screengrab your PDF and import it into an optical character recognition tool to make the text editable. To prevent this, open the “Environment Controls” tab and tick “Disallow screen capture” and optionally “Add screen mask” which covers the viewer window with an image if focus is moved away from it.
- Press the “Publish” button at the bottom of the window
Locklizard will automatically protect a PDF from editing for anybody who has access to it. This restriction cannot be bypassed, and as the user cannot make a copy of the document, they won’t be able to clone it and edit that, instead. On publication, your document will output to its source folder in the .pdc file format and you can safely share it knowing that nobody can access it without a valid license.
- Add a user account and send them their license via the Safeguard admin portal.
With the PDF published, you’ll need to send your recipients the encrypted .pdc file, alongside a download link for the secure PDF reader application and a valid license. The simplest way of doing so is by ticking “Email license” when you add a new user. See how to add a new user and grant them document access.
Safeguard Secure PDF viewer cannot have its anti-editing controls bypassed because it does not have the ability to edit in the first place – only highlight and add annotations. It also does not have copy and paste functionality, Save As functionality to convert to other files formats, and does not allow printing to file drivers. You can choose whether to allow screenshots or printing and enable watermarks when you do to make re-scanning or using OCR tools difficult.
Why make a PDF non editable?
There are numerous reasons you might want to make a PDF uneditable, but these are the main ones:
- To stop accidental modification (the movement of images, deletion of text, etc.).
- You want to prevent recipients from deceiving others (for example, changing the “amount payable” on an invoice or the wording of a contract).
- The document contains information that should only be updated in regular intervals
- The contents of the file must be unchanged to meet compliance requirements
- To prevent someone from passing off content as their own (e.g. modifying a report or training course document that they then sell under a new brand)
Most solutions can achieve protection against scenario one via a “read-only” mode. The others, however, will require specialist security software to enforce editing restrictions.
Locklizard Safeguard – the ultimate PDF protection
Locklizard doesn’t just make PDFs uneditable or unmodifiable – it gives document publishers modular control over how their documents can be used and who can use them. With it, admins can:
- Stop users copying and pasting text and images
- Block screenshot grabbers
- Prevent sharing by locking PDFs to devices
- Revoke users and documents at any point, regardless of location
- Expire documents on a fixed date, after a number of prints or views
- Track document use, including how many times a document is opened or printed
- Allow or deny printing. Choose how many prints to allow and whether or not they should be color or greyscale/black and white
- Lock access to IP addresses and countries
- Allow offline use with full security enforced
This flexibility, combined with the security features mentioned above, allows Locklizard to offer the most comprehensive PDF protection on the market, preventing PDF editing without passwords both online and offline.
Does Locklizard allow document collaboration?
No. Once you protect a PDF document with Locklizard, the protected file cannot be edited, including in collaborative scenarios. Users are encouraged to instead use annotations to add comments and highlights to PDF content with their feedback. The sender can then modify the original, unprotected document without exposing it to direct editing from others.