How to Password Protect a PDF File
Using Adobe Acrobat to password protect PDF files
Types of Adobe PDF Passwords
Adobe was the earliest pioneer in producing PDF documents, and over the years, they added a number of security controls to help protect PDF documents from misuse. During the early versions of PDF documents, security in the form of access controls or continuing use controls was not supplied, mainly because the most significant characteristic of Adobe PDF documents was to ensure that what was displayed on the screen or on a printed copy was identical, irrespective of the operating system or printing device being used.
The earliest security controls introduced by Adobe in their PDF documents were passwords and it quickly became the most popular access control mechanism over the years due to the fact that passwords are a common form of access control in other systems.
Currently Adobe provides simple security to password protect PDF files – this enables the creator to limit access to the PDF file and/or restricting specific features, such as editing the document or printing it. However, the document owner cannot restrict or prevent the saving of numerous copies of the same PDF file (not good news if a password has been shared or broken), revoke it if it has been misused, or expire it after a certain amount of time.
Adobe has two levels of security to password protect PDFs:
- Document open password: Also called the user password, controls who can open the PDF document. The PDF file can only be opened by entering the specified, correct password.
- Permissions password: Also known as the master password. This password controls what users can do with a document – whether they can edit and print it, etc. When a permissions password is set, the recipients of the document are not required to type in the password in order to open the document. If, however, the restriction controls need to be reset or changed, the permissions password must be typed in.
If the creator of the PDF document secures the PDF file with both types of passwords, the document can be opened with either password. However, for the user to modify the restricted features, the permissions password must be entered. Given the added security, it is often seen that setting both types of passwords is beneficial in securing the content of the document, but as a downside, there are now two passwords available to attack (although note that the Permissions password can be easily removed by freely available PDF password remover applications which attack the weak implementation of the Adobe PDF Security Handler rather than an attack on the password itself). PDF documents can also be digitally signed to ensure that if document contents are tampered with then users are alerted to this fact.
With the help of the permissions password, restrictions can be enforced on Adobe PDF files. However, if these settings are not supported by third-party products, recipients of the document will be able to find a way round some or all of the restrictions set by the creator of the document. In addition, most freely available password removal programs can remove the restrictions password in seconds due to its poor implementation.
The document open password is more secure and it is important to understand that if the password is forgotten or misplaced, it cannot be recovered from the PDF and hence Adobe recommends maintaining a backup copy of the PDF document without password protection controls. In order to remove the password security controls from an open PDF document, one must have permission to do so. If the PDF document is controlled with a server-based security policy, it can be changed only by the server administrator or the author of the policy. However a good PDF password remover tool will also help, especially if short and/or weak passwords have been used.
Password protection can be added to PDF files when they are first created or after they have been created. You can also password protect PDF files that you have received them from somebody else, unless the originator of the PDF file has laid restrictions on who can modify security settings (but this can be easily removed by freely available password remover programs).
Why should I use passwords to protect my PDF files?
Protecting PDF files with passwords is commonly used by millions of PDF users. Protecting PDF files with the use of passwords can ensure that even if the file is misplaced or lost, the content in the PDF document will not be accessible to any other individual unless the password has been shared with them. Using passwords to protect your PDF files can therefore be a ‘safe’ way of ensuring that data within the file is secured.
If you distribute or upload to a web site a non-protected and unsecure PDF document, you are exposing your document to be exploited, as the PDF file can be easily shared. To prevent this from happening, you can password protect PDF files ensuring that your PDF document is protected without being exposed.
WARNING: PDF Passwords are easily removed
If you use passwords to protect PDF files, you may not be getting adequate security since they can be easily hacked into with the help of the numerous PDF hacking tools and password crackers (PDF Password Recovery software) available on the Internet. PDF files that are password protected are easy to hack into if weak passwords have been used. Without a strong password, you might as well not bother password protecting the PDF file to begin with. A strong password is one that is of a decent length (say 16 characters of more – the more the better), and is made up of mixed case and non-alphanumeric characters. However these types of password can be cumbersome to manage, so it is important to note that the password used to protect the PDF file is maintained safely for future use, in the event that it is forgotten at any given point in time.
If you are thinking of relying on the permissions password to prevent PDF copying, editing, printing, etc. then don’t. This can be removed in seconds using password recovery software.
Most companies opt for the cheapest solution to protect their PDF files (PDF password protection). As a decision maker in a critical situation concerning sensitive data, opting for any basic version of PDF protection software is not particularly a good idea as it is unlikely to have the level of security, features and type of security required for complete document protection. If you are seeking effective and robust protection you will need to use alternative solutions to protect PDF files that do not use PDF password protection.
Secure alternatives to PDF Password Protection
Using passwords to protect PDF documents that contain classified or sensitive information is no longer relevant in today’s highly advanced technological world. PDF documents that have been password protected can be easily unprotected with the help of simple PDF password cracking solutions (PDF Password Recovery software) easily available on the Internet. Document restrictions (those ‘protected’ with the permissions password) can be removed in seconds and document open passwords can take minutes, hours, or days depending on the length and complexity of the password.
The secure way to ensure that your sensitive data in your PDF documents remains protected is to use high-level strength encryption methods such as public key technology, secure and transparent key transmission, and encrypted key storage. Locklizard is the leader in PDF document protection software that use US government strength encryption, public key technology and Digital Rights Management to protect PDF files beyond simple password protection. Our PDF DRM protection is used worldwide by information publishers to protect PDF files from unauthorized access and misuse.
Safeguard PDF Security protects PDF files with AES 256 bit encryption without the use of passwords, ensuring your protected PDF files are not exposed to simple security weaknesses. Our secure PDF Viewer software and web based licensing system transparently manages decryption keys so there are no passwords to enter or manage. PDF files are locked to specific devices so they cannot be shared with others, and the document owner can expire and revoke documents at any stage, enable offline use, apply dynamic watermarks, stop printing, and prevent screen grabbing of content.
In conclusion, securing your sensitive PDF files with passwords is not a sensible option, given the number of ways in which password protected PDFs can easily be cracked and the time required to manage each password. If you are serious about securing PDF files then look for a PDF DRM solution that does not rely on passwords.