PDFs are a popular and convenient choice that millions use as a file format for distributing images and text in a consistently reliable display format. Since this type of document can be opened on practically any operating system or platform without any change in the fonts, format and layout on screen and in print, it continues to stay relevant for personal and professional use.
For security and confidentiality, PDFs can be password protected to restrict the viewing of the content only to selected users (only users with the correct password can open them), or they can be secured by modifying the permission settings to prevent modification of the file contents and printing. However Adobe password protection has multiple weaknesses – password protected PDFs can be shared with others and permissions instantly removed.
Adobe was the earliest pioneer in producing PDF documents, and over the years, they added a number of security controls to help secure PDF documents from misuse. During the early versions of PDF documents, security in the form of access controls or continuing use controls was not supplied, mainly because the most significant characteristic of Adobe PDF documents was to ensure that what was displayed on the screen or on a printed copy was identical, irrespective of the operating system or printing device being used.
The earliest security controls introduced by Adobe in their PDF documents were passwords, and it quickly became the most popular access control mechanism over the years due to the fact that passwords are a common form of access control in other systems. PDF documents can also be digitally signed to ensure that if document contents are tampered with then users are alerted to this fact.
Currently, Adobe provides simple security to password protect PDF files – this enables the creator to limit access to the PDF file and/or restrict specific features, such as editing the document or printing it. However, the document owner cannot restrict or prevent the saving of numerous copies of the same PDF (not good news if a password has been shared or broken), revoke it if it has been misused, or expire it after a certain amount of time.
Adobe has two levels of security to password protect a PDF:
Also called the user password or owner password, controls who can open the PDF document. The user needs the specified, correct password to open the document.
Also known as the master password. This password controls what users can do with a document – whether they can edit and print it, etc. When a permissions password is set, the recipients of the document are not required to type in the password in order to open the document. If, however, the controls to restrict editing need to be reset or changed, the permissions password must be typed in.
If the creator of the PDF document secures the PDF file with both types of passwords, the document can be opened with either password. However, for the user to modify the restricted features, the permissions password must be entered.
Given the added security, it is often seen that setting both types of passwords is beneficial in securing the content of the document. However, the Permissions password can be easily removed by freely available PDF password remover applications which attack the weak implementation of the Adobe PDF Security Handler rather than the password itself. Adding permissions to restrict editing and printing are therefore worthless.
With the help of the permissions password, restrictions can be enforced on Adobe PDF files. However, if these settings are not supported by third-party products, recipients of the document will be able to find a way round some or all of the restrictions set by the creator. In addition, most freely available password removal programs can remove the restrictions password in seconds due to its poor implementation.
The document open password is more secure, and it is important to understand that if the password is forgotten or misplaced, it cannot be recovered from the PDF withhout using a PDF password removal tool. As a result, Adobe recommends maintaining a backup copy of the PDF document without password controls.
Password protection can be added to PDF files when they are first created or after they have been created. You can also password protect PDFs that you have received from somebody else, unless the originator of the PDF file has laid restrictions on who can modify security settings (but these can be easily removed by freely available password remover programs).
To remove the password security controls from an open PDF document you must enter it before you can remove it from the PDF.
If the PDF document is controlled with a server-based security policy, it can be changed only by the server administrator or the author of the policy.
If you don’t know the password, a PDF password remover tool can remove the open password, especially if short and/or weak passwords have been used. You can find more info on cracking password protected PDF files here.
Adobe Acrobat offers various solutions to secure PDF files in the form of using passwords, redacting classified data from text, and automating security tasks when the file is opened. More secure and expensive solutions use Rights Management controls rather than passwords, but users must be known to the system. This is because it works in the traditional PKI manner, with users’ public keys being used to encrypt documents. The Adobe rights management system is aimed at internal company use, where users are a known entity. If you are trying to sell a PDF document, for example, it would be unreasonable to ask the user for their public key first before they could receive it.
Look for the PDF password security dialogue box when it comes up. Determine the choices you would like to take as to the levels of security you are seeking to use:
Now the PDF document you have created is password protected. Any user who intends to use it must have the password you have created in order to read, modify or print the document.
If you have applied just a permissions password, you and other users will not need to enter the password in order to open the PDF file. However, if you intend to make modifications to the permission settings for the PDF file, you will need to enter the password that you had initially created.
While saving the PDF document, it can also be saved as a certified document. Doing so will add an invisible certifying signature that increases the assurance level that the document’s integrity and authenticity are preserved since any changes to the file invalidates the signature.
*Note: we mentioned ‘added security’ when applying a permissions password. The reality, however, is that this can be easily removed by free PDF Password Removal software. You are not really adding any additional security here.
If you don’t want to use Adobe Acrobat, you can use an online tool or download an app like PDFEncrypt. Downloaded software is more secure since you don’t have to upload unprotected files to an unknown server where they could be compromised. However, be cautious about the app you use. We chose PDFEncrypt because it is free and open source.
Here’s how to use PDFEncrypt to password protect a PDF file without Acrobat:
Passwords are commonly used by millions of PDF users. Protecting PDF files with the use of passwords can ensure that even if the file is misplaced or lost, the content in the PDF document will not be accessible to any other individual. That is, unless, the password has been shared with them. Using passwords to protect your PDF files can therefore be a ‘safe’ way of ensuring that data within the file is secured.
If you distribute or upload to a web site a non-protected and unsecure PDF document, you are exposing your document to anyone that can access and download it. To prevent this from happening, you can password-protect PDFs, ensuring that your PDF document is available to those that have been given the password to open it. Note however that this is not fool proof – you still have to trust authorized users not to share the PDF and the password with others.
If you use passwords to secure PDF files, you may not be getting adequate security since they can be easily hacked into with the help of the numerous PDF hacking tools and password crackers (PDF Password Recovery software) available on the Internet. PDF files that are password protected are easy to hack into and open if weak passwords have been used.
Without a strong password, you might as well not bother password protecting the PDF to begin with. A strong password is one that is of a decent length (say 16 characters or more) and is made up of mixed case and non-alphanumeric characters. However, these types of passwords can be cumbersome to manage, so it is important that the password used to protect the PDF file is maintained safely for future use, in the event that it is forgotten at any given point in time.
If you are thinking of relying on the permissions password to prevent PDF copying, editing, printing, etc. then don’t. This can be removed in seconds using password recovery software.
Most companies opt for the cheapest solution to protect their PDF files (PDF password protection). As a decision maker in a critical situation concerning sensitive data, opting for any basic version of PDF protection software is not particularly a good idea. It is unlikely to have the level of security, features and type of security required for complete document protection. Adobe password protection does not prevent sharing, editing, copying or printing because the restrictions are simple to remove. If you are seeking effective and robust protection you will need to use alternative solutions to protect PDFs that do not use PDF password protection.
Passwords are as important as physical keys to a safe or property – they are digital keys that protect your files and the data contained in them. It is therefore important to ensure you have used adequate security measures. Otherwise, unauthorised users will be able to access your passwords and therefore the contents of your PDF files.
In order to maximize the effectiveness of passwords, users must apply good practice such as avoiding the use of the same password on multiple PDF files. If this is not done, it creates a single point of failure, which means that if a hacker is able to retrieve information from one PDF document, he can easily gain entry to all the documents. In addition, users must exercise extreme caution when storing or making a note of passwords. Obtaining passwords through ‘dumpster diving’ or ‘shoulder surfing’ is highly plausible in an office environment, which is why great care must be taken while devising and storing passwords.
To add more security when protecting your PDFs with a password, it is important to ensure that the password is substantial, with at least sixteen characters and a mix of lowercase as well as uppercase letters, including symbols and numbers. Using special characters, punctuation and digits will enhance the strength of the password significantly. While adding password protection to PDF files it is important to remember that the password will be shared with others who are authorized to open it. So, do not use any passwords from your personal accounts.
Different PDFs containing important information and confidential data should have different passwords for every file and not a word that can be easily guessed. If the password is difficult to memorise or remember, it can be written down and stashed away in a safe place outside the computer.
IT experts recommend that PDF passwords should be changed several times during the course of usage and transmission. For example, if a PDF has to be sent to numerous users, a unique password must be employed for every user, as a single password sent to all users can be easily compromised. However, this means protecting the PDF separately for each user, which is cumbersome and time-consuming. Not to mention having to keep a record of all the passwords in use for each user. The reality is that using unique passwords for each password protected PDF is unlikely to happen as it introduces a management overhead that is costly to maintain.
Using passwords to protect PDF documents that contain classified or sensitive information is no longer relevant in today’s highly advanced technological world. Password protecting Adobe PDF files does not prevent sharing since users can just share the password with the PDF or enter and remove it before sharing an unprotected file.
PDF documents that have been password protected where the password is not known, can be easily unprotected with the help of simple and free PDF password cracking solutions (PDF Password Recovery software) available on the Internet. Document restrictions to prevent editing and printing (those ‘protected’ with the permissions password) can be removed in seconds, and document open passwords can take minutes, hours, or days depending on the length and complexity of the password.
The best way to ensure that your sensitive data in your PDF documents remains protected is to use high-level strength encryption methods such as public key technology, secure and transparent key transmission, and encrypted key storage.
Locklizard is the leader in PDF document protection software and uses US AES encryption, public key technology and Digital Rights Management to protect PDFs beyond simple passwords. Our PDF DRM protection is used worldwide by information publishers to secure PDF files against unauthorized access and misuse.
Safeguard PDF Security protects PDF files with AES encryption without the use of passwords, ensuring your protected PDF files are not exposed to simple security weaknesses. Our secure PDF Viewer software and web based licensing system transparently manages decryption keys so there are no passwords to enter or manage. PDF files are locked to specific devices so they cannot be shared with others, and the document owner can expire and revoke documents at any stage, enable offline use, apply dynamic watermarks, stop printing, and prevent screen grabbing of content.
In conclusion, securing your sensitive PDF files with passwords is not a sensible option, given the number of ways in which password protected PDFs can easily be cracked and the time required to manage each password. If you are serious about securing PDF files then look for a PDF DRM solution that does not rely on passwords.