pdf password protection

Password Protecting PDF Files

How to get PDF password protection to work

Using passwords to protect PDF files

Password protecting PDFs

Here we cover the use of a password to protect the opening of a PDF document rather than a permissions password (which can be easily removed) – see How to remove password protection from PDF files.

If you want to go down the route of applying password protection to PDF documents (in order to share them securely with others), then you need to consider the following points before you start:

  1. What is the minimum length for a PDF password to be effective?
  2. Are there any ‘rules’ for making passwords?
  3. Do I put passwords into PDF documents manually or can it be automated?
  4. How do I know which password went on which file?
  5. How do I re-issue a password to a user when it has been lost/stolen/strayed?
  6. Can I stop people swapping passwords?

So first things first – we need to know how long/complicated we need to make the password if it’s going to prove of any value in protecting your PDF file.

An interesting web article on this can be found at Password security and a comparison of Password Generators.

It starts off by telling you that an 8 character password (a-z, A-Z, 0-9) takes about 13 minutes to crack (guaranteed result by brute force alone), and a 10 character one around 500 hours.  So a password has to be longer than 8 characters if it to be realistic with today’s technology.  Pass phrases (a series of words rather than characters) are no more and no less secure than anything else, but they might be easier for the recipient to type in, so that is a plus.  Do remember that the recipient has got to type it in (or copy and paste from their preferred password vault).

Also, if you have a ‘strong’ password (more than 10 characters), changing it regularly hardly increases its security – adding another character does – but if it is already ‘strong’ then you create more user chaos by changing it than leaving it alone – because the recipient just has more passwords to cope with.

So far we have addressed the first two bullet points.  You can make strong passwords, and if you do then you should stick with them and not change regularly.

Password Generator Programs

Common password generators such as SecureSafe Pro Password Generator follow a strategy of you setting a master password and then they create ‘derivative’ passwords that will remain constant for that master password – this might be very handy if you have a fixed group of recipients.  It means that you don’t need to store all the passwords you have created and sent out. Enter the same master password (maybe the recipient’s name or email) and you get the same list of derivative passwords.  Otherwise, every time you generate a new password you need to store it and the recipient’s identity somewhere so you can recover it (or if someone loses a password and you have to create a new version of the password protected document for them and remember what you were doing).  This works OK for small groups that don’t change.

Other approaches, such as that from SecureSafe Pro Password Manager let you do a lot of configuring and then generate a batch of as many passwords as you could want.  This approach is handy if you want to just pick up the next password in the set. But there is no management built in. You just get a list of strong passwords.

Actually transferring passwords into PDF documents can be automated, but you would need to build your own engine to do this.  It would need a Systems Developer Kit (SDK) to allow you to manipulate the PDF document.  There are many SDK’s out there, and the licensing can be a bit complicated as to how many toolkits you can install and how many documents you can process.  An example of a royalty free SDK that can secure, sign and protect PDF comes from Debenu or PDF toolkit.

Password Administration

So the administration of passwords is starting to get a bit complicated?  And none of the common tools we have looked at appear to have a method of distributing the passwords once they have been generated.  And distributing means getting them into the PDF document as well as getting them to the recipient of the protected pdf document so they can open it when it arrives.

This gets us to the question of what happens when a user ‘loses’ or forgets a password to a document.  Do you send something completely new or do you lookup somewhere what you used last time and re-create the document, or do you rely on your email history to find what you originally sent them and send that again.  The opportunities are endless, as is the amount of manual work created when coping with these problems.  So far we have not seen an organized PDF password management system.

Can you stop people swapping passwords?  No. Rather like digital signatures, if giving them away does not stop people using the documents then who cares.  It needs a measure of inconvenience such as a watermark that identifies the authorised user, or a control that stops more than one person at a time from using a document, to persuade people not to give away passwords.  Also, allowing users to redefine the security controls based on passwords is basically unsound.  If any outside user can change the security controls then it does not take much to create documents that are not controlled.

Maybe it is symptomatic, but there are far more password remover applications than password generator applications.

So you can make PDF password protection work for small groups if you trust the users NOT to share the documents and passwords with others, but making it manageable, efficient and scalable is not easy.

  Choosing a strong password to protect PDF files

If you are going to use passwords to protect PDF documents then there are a few things that you need to keep in mind.

  • Don’t choose short passwords

    Current technology cracking tools use a technique called brute force – they start with a password that is a blank field, add 1 bit and try that.  If it fails they add another bit and try again until they find it.  Which is guaranteed!  So the shorter the password the quicker the cracker gets there.

  • Don’t pick obvious words as passwords

    Words such as password, master, boss, or even single dictionary words.  If you want to share PDF files securely then using obvious passwords is not going to provide much protection.

    There are tools available on the Internet, such as those from Elcomsoft that contain what are called dictionary attacks.  Basically they have a massive dictionary of popular and common passwords, and they will try all of them to see if any work.  The process takes maybe a few minutes to run through thousands of these.  Typical passwords NOT to use include: 123456, 123456789, password,. admin, 12345678, qwerty, 1234567, 111111, photoshop, 123123, 1234567890, 000000, abc123, 1234, adobe1, macromedia, azerty, iloveyou, aaaaaa, 654321, fred.  If the common passwords fail they switch to using words from dictionaries, often in several different languages.

  • Think about how the passwords will be used

    At the other end of the process you have an end user who has to enter the password.  So you can’t use characters that do not display on screen or are hard to find on a keyboard.  You don’t want a situation where recipients can only get the passwords in by copy and paste (and maybe not then if the characters don’t display properly).  That makes a system unusable.

  • Can the user remember them easily?

    Although people are good at remembering things – phone numbers, post codes, they do not remember 15 random characters very easily.  And especially if they have more than one password to remember.  Lots of PC’s and tablets are getting better at remembering passwords for you, but that also creates a point of weakness if all the passwords are in the one place.  There is then only one place to crack.

    Using two normal words separated by a special character can work well and can be remembered.  Try such things as enable*freeze or money$strength for instance.  They are long and a cracker cannot assume they are related words, or what length they might be.

  • Can you recover a lost password?

    Many systems recognize that passwords get forgotten or lost.  And you need some way of checking that the person requesting a replacement password actually is who they claim.  Many systems set up test questions and ‘secret’ answers, and ask the claimant for a series of characters from a selection of the questions before either resetting or disclosing the password.  This can get a bit complicated and means everyone needs to keep more and more password information, so that can be a problem.

  • What you never do

    Never ever ever tell any machine that is not your own to ‘Remember Me.’  It doesn’t matter how well you know the owner, and certainly not in a public machine (like an Internet café or a conference workstation).  There’s not a lot of point going to the trouble of creating a security system and then handing the keys to anyone on the planet!

Is PDF Password protection right for my business?

As one of the earliest methods of protecting PDF documents, the use of passwords has been in existence for decades.  However, using PDF passwords to control document usage has exponentially gained bad press over the years, because of the disappointing ways in which document creators choose and maintain their passwords and how security has waned with regards to password protection as a poor security mechanism.

In spite of technological advancement and decades of computer usage, security experts are still finding it difficult to educate people on how to create strong passwords to protect their documents.  Two of the most popular passwords that are still prevalent in most companies are ‘123456’ and ‘password’.  Most users opt for convenience over security when it comes to choosing passwords for protecting PDF files.

In addition, managing numerous passwords for large quantities of PDF files can become a nightmare.  When numerous passwords are used, creating a system to store those passwords can be a huge burden.  To prevent costly management overheads, some companies employ a standard password to be used for all files, which is a huge security weakness.  If passwords are used for securing data in PDF documents, then it is important to continuously keep changing those passwords and to use different passwords for every file.  And this growing list of PDF passwords needs to be maintained and stored securely – one of the highest priorities of securing classified documents is in protecting the entryway – that is the password protecting the document.

In a number of cases, password protected PDF documents have been compromised due to the unintentional involvement of the document user –  they might not be aware of the importance of maintaining strong passwords or storing them in a proper manner, which is an important task that they need to perform.

But protecting PDF files with passwords has other weaknesses.  If you type the keywords ‘Password protect PDF’ online, you will find hundreds of PDF password applications freely available for use.  But amongst those are the most popular PDF password cracking programs or PDF password removal programs which can easily remove the password and unlock the PDF, irrespective of whether the document has been encrypted with a strong algorithm and key length.  Unauthorized users can then use a copy of the original PDF without any passwords or security settings in place.

The use of passwords to securely protect PDF files is clearly not the way forward.

  Secure alternatives to PDF Password Security

Some things to consider when protecting PDF files.

  • Don’t choose a system that uses passwords

    A system that relies on a user entering a password is insecure.  If you use a password based sytem check that there are no published cracks and the implentation is secure – i.e. Adobe 8 was less 100 times less secure than previous versions due to how the password checking mechanism was implemented.

  • Don’t choose a system that uses plugins

    Plugins are vulnerable to the systems they plug in to and are inherently insecure and troublesome – see PDF Security plug-in vulnerabilities .

  • Don’t choose a system that uses EXE files

    These need Windows Admin rights to run and you have no control over what the EXE is doing.  These can also be easily compromised and shared.

  • Should I use a PDF Reader Browser based solution?

    With browser based PDF viewers there is no software installed on the client device.  You therefore cannot prevent screen grabbing, stop printing to file drivers (i.e. PDF) if printing is allowed, etc.  Also some less common browsers can ignore the security restrictions you have added.

  • What PDF restrictions do I need?

    Do you need to stop users printing PDFs, stop screen grabbing of content, prevent copy and paste, expire PDFs after a number of days use or on a certain date, watermark content and have the ability to revoke access at any stage?  These are all important items to consider when choosing a PDF Security solution for your business.

Customer Testimonials