Why PDF password protection is useless for protecting PDF files.
PDF password protection may seem a quick and easy option to protect PDF files but it provides a fig leaf of security at best. If you want to protect PDF documents securely then you need to look at PDF DRM solutions.
When people think about protecting PDF files, the first thing that springs to mind is encrypting a PDF using a password for protection. After all, password protection is commonly available in most PDF creator applications and is therefore quick, convenient, and cheap to use. But is it a secure means of protecting PDF files – or just fig leaf protection?
Issue 1: Passwords can be readily shared
Now passwords do have their uses, and are certainly convenient if you are sending a PDF to someone – perhaps a trusted individual who you know won’t share it with others, along with the password – or you just don’t care if or who they distribute it to.
So, this is the major issue with PDF password protection – the password to open the PDF can be shared along with the document and there is nothing you can do to stop it. If the password can be shared it means that anyone and everyone has access to your protected PDF file so you might wonder why bother password protecting it to begin with?
Issue 2: Ordinary PDF restrictions can be easily removed
You might decide that you only want to prevent printing, so you don’t mind who can access the PDF document as long as they cannot print it. But here is the second major issue with PDF password protection – if a user has the password to open the PDF then they can remove the password that controls PDF use (the PDF restrictions password) using freely available online password recovery tools, in seconds. So the restrictions you have applied are totally useless.
It should be noted that Adobe PDF restrictions are based on an ‘honor’ system and applications don’t have to obey them, so other PDF readers other than Adobe Acrobat may just ignore them anyway.
Issue 3: Key management and secure distribution
When using passwords, you need to consider how you manage all of the passwords for your protected PDF files. Do you use the same password for every file (not a good idea by anyone’s standards but easy to remember) or do you use a unique password for each one? How long and complex do you make passwords, and how often should they be changed?
If you use a unique password for each PDF file that you protect, then you are going to have to keep a list of them somewhere. And that list needs to be stored securely so it is not readily accessible by others.
If the passwords are long and complex then your recipients also have to maintain password lists.
You also have to think about how you distribute the passwords that are needed to open the PDF files securely (if you send them by email then they could get intercepted), and what happens when other people you have sent protected PDF files to forget their passwords to open them. So, there is a fair amount of management involved in maintaining, distributing and redistributing passwords and keeping track of who has been given which ones.
Decide what you want to achieve
Before choosing passwords as the method for protecting PDF files you have to decide what your objective is – sending a password protected PDF to a reliable individual may be fine (although you may find that a pure encryption program such as PGP is more secure and manageable), but if you are selling PDFs (training courses, reports, etc.) or sharing confidential business information in PDF format, then clearly you need to look for something rather more secure.
There is no point in applying security that can be easily removed or becomes too unwieldy to manage on a large scale.
PDF DRM security – the secure alternative to PDF password protection
This is where PDF DRM solutions using public key technology come in. Public key technology may sound more complex, but in fact it can be a lot simpler – key management can be handled transparently so that the both the people sending protected PDF files and the people receiving them do not have to worry about entering keys or using certificates in order to protect PDF files or view them. But how does it work?
In this system, when a PDF file is protected it is encrypted with a random key which is secretly transmitted to a licensing (admin) server.
The next step is authorizing users to access documents. This is the simple matter of creating a user account on the admin system and selecting which protected documents they are allowed to access. The admin system sends the user an email with a link to download a secure Viewer and a license file. The user then installs a Viewer and clicks on the license file to register with the system (link their device with their user account). A decryption key is then generated (after some crypto modification called hashing and salting to make it more secure) to allow the admin system to transfer information to the individual user’s keystore.
When a user attempts to open a protected PDF file, the Viewer software checks to see if it has the corresponding key to open it in its keystore. The keystore is an encrypted file stored on the device (and locked to the device so it will not work on other devices) which holds keys to open protected documents. If a key is not present in the keystore then the Viewer will check with the server to see if the user has been authorized to view the PDF. If they have then, the decryption key is secretly downloaded to the keystore and the PDF file can be opened. On subsequent opens the key can be loaded directly from the keystore (allowing offline document use).
The Viewer then enforces any DRM controls that have been applied to the individual document.
So PDF DRM solutions solve the main issues of PDF password protection – ensuring that keys required to decrypt PDF files cannot be shared, enforcing PDF restrictions, and providing secure and transparent key management and distribution.
Advantages of PDF DRM vs PDF password protection
PDF DRM solutions have many advantages over PDF password protection, providing not only greater protection and ease of use, but additional document control over how your documents can be used.
10 reasons why you should use a PDF DRM solution over PDF password protection
- There are no passwords to enter so passwords cannot be distributed freely to unauthorized users, and do not have to be managed.
- Password recovery applications and similar tools will not work since there is no password or key input process available to attack.
- Keys are secretly managed so both administrators and users don’t have to remember them.
- Keys are securely transferred and stored on authorized devices so administrators don’t have to worry about or become involved with distributing keys securely.
- DRM controls are enforced by the Viewer software and cannot be removed, unlike implementations that use Adobe Acrobat – these include all password-based PDF protection and PDF DRM suppliers that use plugins to Acrobat.
- Additional DRM grade controls such as setting documents to expire automatically after a certain timeframe or stopping screen grabbing are available.
- Documents can be dynamically watermarked (user and system information is automatically inserted at view/print time) rather than having to protect the same document each time for each user in order to customize it with their information.
- Documents and user access can be revoked at any stage regardless of where they reside.
- Document use can be locked to specific locations. This is handy when needing to control BYOD and confining the use of confidential documents to the workplace.
- Document use can be logged so you can see who has accessed your PDF files, how often, when and where.
So when your requirement is to protect confidential information, or have to share or sell documents securely, then PDF DRM is the only secure solution. It delivers higher document protection to ensure your documents remain safe from unauthorized distribution, and it provides other benefits such as transparent key management and distribution, and total DRM control over document use.