How to prevent users removing security from PDF files

Why removing PDF security is so easy & how to permanently protect PDFs

Why password protection & certificates fail to protect PDFs, plus the best practices & tools to permanently prevent PDF sharing, copying, editing, and printing.

Ensuring the security of your PDF documents is essential in protecting sensitive and classified information, but preventing unauthorized access and modification can be a challenge.  If you Google “PDF security”, you’ll see hundreds of websites describing ways to bypass and remove PDF passwords and providing the tools to do so.  It’s as easy as uploading the document to a webpage and pressing one button.

For organizations, this represents an existential threat.  With GDPR and CPRA, consumer data privacy protections are the strongest they’ve ever been.  Meanwhile, the risk to your stock price should sensitive board minutes, financial reports, trade secrets, or contracts leak is immense.  To prevent this from happening, you need to understand the following:

1. How traditional PDF security works
2. Best practices to prevent PDF security removal
3. Tools to protect PDF files
4. How to prevent users from removing PDF security using Locklizard
5. Closing words

   Understanding PDF security

There are several types of PDF security, but password security is the most common.  Software such as Adobe Acrobat, Foxit PDF, SmallPDF, and various other online services and tools all offer this type of protection.

There are two types of PDF password. They have some key differences:

• The PDF open password:  This is used to determine who can open the file, as well as encrypt it.
• The permissions password:  Used to control how a user can interact with a document – whether they can edit, print, copy/paste, etc.

If you can take anything away from this article, it should be that these passwords are not an effective way to protect document content from unauthorized access and modification. Users can bypass or break PDF security in several straightforward ways.

   How to remove security from a PDF

There are various simple methods to remove PDF passwords or restrictions, with some targeted at removing the open password, and others the permissions password:

1. Free online PDF unlockers
   Hundreds of free websites allow you to upload a PDF and download a copy without the permissions password or any editing and printing restrictions. In our testing, this entire process took less than thirty seconds.
2. Microsoft Word’s “Save As” trick
   Users can remove permissions passwords intentionally or inadvertently by opening the PDF in Word. The conversion process usually ignores the permissions password to create an editable document that the user can export back into an unprotected PDF format.
3. Third-party PDF open password removers: Tools such as Elcomsoft’s password recovery software and several other projects attempt to guess or remove the open password using dictionary and brute‑force attacks. Short passwords can be cracked in minutes, and only very long, complex passwords are entirely immune to cracking.
4. Removing it in Acrobat
   The easiest method to bypass PDF security requires no tools or special knowledge. Someone who knows the password can open it in Acrobat and select “Tools > Protect > Encrypt > Remove Security.” After entering the valid password and saving the file, all protection will be stripped. Anybody they share it with can open it without authentication.

The ease with which users can remove or bypass Adobe-style password protection demonstrates that it isn’t a serious security mechanism.

   Removing an owner password with Elcomsoft

While the Owner password uses encryption, passwords are still generally short and usually relatively easy for a computer to crack because humans choose them.  Usually, they pick words you’ll find in the dictionary or something related to the purpose of the document or company, which can be gleaned from metadata.  Even if you think you’re typing random letters, chances are you’ll end up with some variation of the letters on the home row of your keyboard.

Password removal tools such as Elcomsoft can remove password protection with various types of attacks. These include using dictionary phrases, guessing based on parts of the password you do know, or systematically trying every combination of numbers and letters. Methods for older versions of Acrobat often don’t require you to know the password at all, as they can brute-force the weak encryption key in several hours.

But there are other, bigger issues with using an open password to prevent unauthorized access:

1. Any user who has the password can share it (along with the document) with somebody else.
2. You have to find a way to inform users of the password in a secure manner.
3. Long, complex passwords are better, but impossible for users to remember.
4. You should use different passwords for each PDF, but this could take hundreds of hours at scale to log and maintain them.

In practice, this makes it quite useless.

The security of the permissions password, meanwhile, is completely useless.  Users can upload your protected PDF to any number of online tools to strip the permission password and trivially gain the ability to edit, copy, and print at will.  They can then share the decrypted, unprotected document with anybody.

  Are PDF certificates a better alternative?

PDF certificates are the second most common PDF security mechanism.   They are often seen as a more secure alternative to password-protected PDF files, and they are.  You don’t have to worry about how to transmit passwords securely because it uses public key infrastructure (PKI).  Users are also much less likely to share their private key vs a password, and files encrypted with a certificate are incredibly hard to crack.

The main issue is that PDF certificates are not designed to stop editing.  They are simply a mechanism to exchange private and public keys.  Once the user has decrypted the file, they can still do what they want with it.  Certificates can also be finicky to use and manage, with the sender needing to have the user’s certificate in advance so that they can protect it with their public key.

We discuss the pros and cons of PDF passwords vs certificates in another blog.

   Best practices to prevent PDF security removal

So, how do you prevent the removal of restrictions in PDFs? If you insist on using PDF passwords and certificates, follow these best practices:

1. use a unique, long, and complex password for every copy of every document
2. do not share the documents with users that you do not want to edit them
3. ensure certificates are regularly revoked and securely maintained
4. use strong encryption algorithms such as AES-256 bit
5. train your employees on PDF security and the dangers of removing protection
6. store PDFs in a secure environment, protected by multi-factor/biometric authentication
7. use a reliable PDF viewer that implements security features effectively
8. use digital signatures so that recipients can be sure the PDF came from you. Just be aware that they do not prove a document has not been tampered with due to exploits in signature validation.
9. add watermarks to your PDFs that contain the recipient’s information (to discourage sharing). Generic please do not copy text is unlikely to be effective.

If you follow these best practices, there’s a lower chance that somebody will intercept and gain access to your documents.  Unfortunately, there’s little you can do to stop users who are authorized to view your documents from editing them or sharing them with unauthorized ones.  Even user-identifying watermarks won’t go that far, as they can be removed using PDF editing software.

To truly stop users from removing PDF security, you’ll have to start looking at third-party software and services that don’t use passwords for protection.

Tools to prevent PDF security removal

Various products on the market are designed to enhance the security of PDF files to prevent the easy removal of passwords and restrictions.  Not only are they more secure, but they have additional features such as the ability to expire documents on a fixed date or after a period of time.

We’ll quickly assess the four most popular options – PDF certificates, PDF plugins, data rooms, and PDF DRM.

   The problem with PDF security plugins

PDF security plugins are tempting because they promise to fix inherent issues with an application. Unfortunately, in this case, they introduce more problems than they solve. While some PDF security plugins can patch a few holes, they create much larger ones:

1. Plugins often stop working due to application updates or other conflicting plugins/scripts.
2. Attackers can study a plugin to determine why and where it acts, and then create a new plugin specifically designed to overrule it.
3. Some DRM document plugins won’t work unless you turn off security in Adobe Acrobat. That makes users more likely to fall victim to malicious scripts or documents.
4. Plugins require the same admin rights to install as any software, yet cause admins more headaches. They can be complex and time-consuming to install at scale since IT admins may need to check for and uninstall any existing plugins.
5. Plugin controls aren’t usually adequate, either. They typically either batch encrypt PDFs or encrypt content with AES-256 using a key instead of a password, which is still vulnerable to sharing. Others, such as Microsoft Information Protection, are more sophisticated but still struggle with the problems above.

Ultimately, third-party PDF security plugins can only do so much to fix the major document security weaknesses present in Adobe Acrobat.  With the constant headache of compatibility on top and easy methods to attack plugins, they just aren’t worth it.

   Why ‘Secure’ data rooms are anything but

Secure data rooms have a more interesting proposition: what if you allowed users to open PDF files, but only on a secure server that you control?  Theoretically, this would mean that anybody outside of the organization who wishes to view your documents would be subject to the same level of oversight and access control as your employees, with tools to prevent the copying of files to external devices.  Usually, this is offered as a service by a data room provider, who will allow you to rent a secure server in the cloud that already has access controls applied and a shiny interface to boot.

Unfortunately, while data rooms may be helpful in certain circumstances, they alone do not prevent unauthorized users from gaining access to files or copying them.  Usually, access to the secure server space is authenticated via a username and password combination.  This can be shared with unauthorized users just as a PDF password can.  While yes, measures like IP address restrictions can be implemented, these can also be spoofed through the use of a VPN.

There are other issues with data rooms, too:

1. By their very nature, they do not install any security software on the recipient’s PC.  This means that they cannot prevent or detect screenshots when the window is not in focus and cannot prevent printing to file drivers.
2. Multiple users can often log in at the same time with the same credentials.
3. You’ll be uploading your sensitive content to the servers of a third-party, where it is decrypted.  You cannot personally assess whether those servers are secure, won’t experience data loss, or won’t retain temporary files after deletion.
4. Documents are accessed using a browser, which is not a secure environment. Browser plugins and development tools can be used to bypass security controls in some cases, and often temporary files containing unencrypted information are stored on the user’s local PC where they can be extracted.

  PDF DRM

Like PDF security plugins, PDF DRM applications try to provide a more secure set of controls for PDF files.  PDF DRM software is typically entirely separate from the Adobe Acrobat security handler and does not rely on the application in any way.  This allows them to implement a system that is secure from the ground up, rather than trying to patch holes in a sinking ship.

PDF DRM systems generally have three components: a licensing server, a secure PDF viewer application, and a “Writer” application that encrypts the PDF files.  When the document issuer encrypts the file, they choose which controls they’d like to apply (stopping printing, copy-pasting, etc.).  The document becomes inaccessible to anybody who does not have the correct decryption key, which is transmitted securely and transparently from the licensing server once an authorized user installs a license file.

The user can then open the file in their viewer application and only interact with it within the boundaries of the chosen controls.  When it comes to PDF viewers, standalone applications are the most reliable and secure when compared to plugins to existing viewers or browser viewers, as they are much harder to manipulate and have greater control over the operating system.

A well-designed PDF DRM system with a standalone viewer makes it very difficult for users to send high-quality copies of a document to others or edit it.  They also typically contain additional measures not seen in plugins or data rooms, such as the ability to lock specific documents to devices to prevent sharing, prevent screenshotting, and printing to unprotected PDFs.

How to prevent users from removing PDF security using Locklizard

Locklizard does not use passwords and uses its own reader software to enforce restrictions. As a result, users cannot easily bypass or remove the PDF security.

Locklizard Safeguard DRM uses a combination of encryption, secure licensing and key management, and DRM controls to ensure that documents cannot be edited, copied, printed, or shared, regardless of who is using them and where they are stored.  These controls are simple to apply, and access and license distribution are managed via a central portal.

Here’s how to protect a PDF and prevent users from removing the protection:

1. Right-click on a PDF in File Explorer and select “Make secure PDF”.
   
2. Protect the PDF from unauthorized use by ticking the relevant controls.  We recommend that you add a watermark to identify users.  Safeguard creates permanent dynamic watermarks that cannot be removed using PDF editing software.
   
3. Locklizard will automatically protect a PDF from copying text and images, but you may want to take additional steps to protect your PDF from screen capture.  Without screen capture protection, a user can screengrab your PDF and import it into an optical character recognition tool to make the text editable.  To prevent this, open the “Environment Controls” tab and tick “Disallow screen capture” and optionally “Add screen mask” which covers the viewer window with an image if focus is moved away from it.
   
4. Press the “Publish” button at the bottom of the window.
   
   Your protected PDF file will output to its source folder in the .pdc format and you can safely share it knowing that nobody can access it without a valid license.
5. Add a user account and send them their license via the Safeguard admin portal.
   

With the PDF published, you’ll need to send your recipients the encrypted .pdc file, alongside a download link for the secure PDF reader application and a valid license.  The simplest way to do this is by ticking “Email license” when adding a new user.  See how to add a new user and grant them document access.

Safeguard Secure PDF viewer cannot have its anti-editing controls bypassed because it cannot edit in the first place – only highlight and add annotations.  It also does not have copy and paste or save as functionality, and does not allow printing to file drivers.  You can additionally choose whether to disable screenshots or printing to stop unprotected copies from being created. When you do allow printing or screenshots, you can enable dynamic or static watermarks that identify the original user or place a moiré pattern to throw off OCR and scanning tools.

  Closing words

In summary, the following PDF security solutions are clearly not adequate for the protection of sensitive and confidential information.

1. Adobe password protection is useless – open passwords can be shared and permissions instantly removed.
2. Data rooms don’t offer much additional security and require you to upload documents to a server that is not under your control.
3. PDF plugins suffer from compatibility issues, are easily bypassed, and can introduce security vulnerabilities.

There is simply no denying, then, that PDF DRM is the best way to prevent users from removing PDF security.  A well-designed PDF DRM system will leave users with no route to bypass controls and edit, print, share, screenshot, or copy and paste a document.  It will also introduce new and more granular controls that allow you to apply only the restrictions that are necessary for your use case.

Find out more about how DRM works, or take a 15-day free trial of our DRM software.

FAQs

Is PDF password removal safe?

Removing security from a PDF increases the chances it will be accessed or modified by malicious parties. However, PDF password removal tools are usually safe to use, provided they are local tools (not requiring an upload to a website) and well-respected.  Uploading a document for PDF password removal online risks your document being exposed to attackers should they compromise that site.

How do I remove a password from a PDF without Adobe Acrobat?

You can use an alternate PDF editor such as Foxit or SmallPDF if you know the password, and PDF password removers such as Elcomsoft if you do not.

Why use a PDF password remover?

Though it is tempting to think that everyone who uses a PDF password user plans to misuse your document, that is not always the case. Many users remove passwords from PDFs because they find them annoying to enter on open or because they have forgotten them. This is understandable, but still exposes businesses to additional risk.

Is it possible to remove a password from a secured PDF without losing quality?

Quality loss when removing passwords sometimes occurs when you upload your PDF to an online tool, which compresses the PDF before allowing you to download it to save on bandwidth costs. To avoid this, use a local tool such as Adobe Acrobat or a local PDF password remover.

How does encryption affect the process of PDF password removal?

Full encryption (such as that which is used in PDF open passwords) makes security much harder to remove if the password is not known. Rather than exploiting flaws to remove the password, PDF password removal tools must