How to Password Protect a PDF File
Using Adobe Acrobat to password protect PDF files
Password protecting PDFs
PDF files are a popular and convenient choice used by millions of users around the world as a file format for distributing data containing images and text in a consistently reliable display format. Since this type of document can be opened on practically any operating system or platform, without any change in the fonts, format and layout on screen and print, it continues to stay relevant for personal and professional use.
For security and confidentiality, PDF files can be password protected to restrict the viewing of the content only to selected users, or they can be secured by modifying the permission settings to prevent modification of the file contents and printing.
Types of Adobe PDF Passwords
Adobe was the earliest pioneer in producing PDF documents, and over the years, they added a number of security controls to help protect PDF documents from misuse. During the early versions of PDF documents, security in the form of access controls or continuing use controls was not supplied, mainly because the most significant characteristic of Adobe PDF documents was to ensure that what was displayed on the screen or on a printed copy was identical, irrespective of the operating system or printing device being used.
The earliest security controls introduced by Adobe in their PDF documents were passwords and it quickly became the most popular access control mechanism over the years due to the fact that passwords are a common form of access control in other systems.
Currently Adobe provides simple security to password protect PDF files – this enables the creator to limit access to the PDF file and/or restricting specific features, such as editing the document or printing it. However, the document owner cannot restrict or prevent the saving of numerous copies of the same PDF file (not good news if a password has been shared or broken), revoke it if it has been misused, or expire it after a certain amount of time.
Adobe has two levels of security to password protect PDFs:
- Document open password: Also called the user password or owner password, controls who can open the PDF document. The PDF file can only be opened by entering the specified, correct password.
- Permissions password: Also known as the master password. This password controls what users can do with a document – whether they can edit and print it, etc. When a permissions password is set, the recipients of the document are not required to type in the password in order to open the document. If, however, the restriction controls need to be reset or changed, the permissions password must be typed in.
If the creator of the PDF document secures the PDF file with both types of passwords, the document can be opened with either password. However, for the user to modify the restricted features, the permissions password must be entered. Given the added security, it is often seen that setting both types of passwords is beneficial in securing the content of the document, but as a downside, there are now two passwords available to attack (although note that the Permissions password can be easily removed by freely available PDF password remover applications which attack the weak implementation of the Adobe PDF Security Handler rather than an attack on the password itself). PDF documents can also be digitally signed to ensure that if document contents are tampered with then users are alerted to this fact.
With the help of the permissions password, restrictions can be enforced on Adobe PDF files. However, if these settings are not supported by third-party products, recipients of the document will be able to find a way round some or all of the restrictions set by the creator of the document. In addition, most freely available password removal programs can remove the restrictions password in seconds due to its poor implementation.
The document open password is more secure and it is important to understand that if the password is forgotten or misplaced, it cannot be recovered from the PDF and hence Adobe recommends maintaining a backup copy of the PDF document without password protection controls. In order to remove the password security controls from an open PDF document, one must have permission to do so. If the PDF document is controlled with a server-based security policy, it can be changed only by the server administrator or the author of the policy. However a good PDF password remover tool will also help, especially if short and/or weak passwords have been used.
Password protection can be added to PDF files when they are first created or after they have been created. You can also password protect PDF files that you have received them from somebody else, unless the originator of the PDF file has laid restrictions on who can modify security settings (but this can be easily removed by freely available password remover programs).
How to password protect a PDF file using Adobe Acrobat
Adobe Acrobat offers various security solutions to protect PDF files in the form of using passwords, redacting classified data from text, and automating security tasks when the file is opened. More secure and expensive solutions use Rights Management controls rather than passwords but users must be known to the system as it works in the traditional PKI manner with user’s public keys being used to encrypt documents. Adobe rights management system is aimed at internal company use where users are a known entity. If you are trying to sell a PDF document for example it would be unreasonable to ask the user for their public key first before they could receive it.
To password protect a PDF file in Adobe Acrobat:
- Click ‘File’ which is on the top horizontal toolbar
- Select ‘open’ by scrolling down the drop-down list
- With the help of the browser window, select the PDF file you want to password protect
- Go to the ‘Security’ tab in the properties dialogue box
- Select ‘Password Security’ in the top drop-down box instead of ‘No Security’
Look for the PDF password security dialogue box when it comes up. Determine the choices you would like to take as to the levels of security you are seeking to use:
- Right on top, choose the version of Adobe Acrobat that your readers are likely to have. Here you can decide whether you wish to encrypt all the information in the file, or you might want to encrypt only the attachments. Doing so can make it difficult for unauthorised users to access or read your document.
- Here, you can also choose whether you wish to enter a password only for opening the file (PDF owner password) or a password for making modifications to the content (PDF permissions password). If you choose to select the option of using a password only for opening the PDF document, go to the first option and type in the password of your choice.
- If you are looking for ‘added security’*, that is you need a password to prevent unauthorised editing, go to the second option and select the option of restricting the commands of editing and printing. Type in the password that you want to use for this option. Choose the kind of editing you want to restrain in the drop down box below the password.
- Once you have made your selections, click ‘OK’. You will once again be asked to confirm your password before the changes are permanently saved.
Now, the PDF document you have created is password protected. Any user who intends to use it must have the password you have created in order to read, modify or print the document.
If you have applied just a permissions password, you and other users, will not need to enter the password in order to open the PDF file, but if you intend to make modifications to the permission settings for the PDF file, you will need to enter the password that you had initially created.
While saving the PDF document, it can also be saved as a certified document. Doing so will add an invisible certifying signature that increases the assurance level that the document’s integrity and authenticity are preserved since any changes to the file invalidates the signature.
*Note: we mentioned ‘added security’ when applying a permissions password. The reality is however this can be easily removed by freeware PDF Password Removal software so you are not really adding any additional security here.
Why should I use passwords to protect my PDF files?
Protecting PDF files with passwords is commonly used by millions of PDF users. Protecting PDF files with the use of passwords can ensure that even if the file is misplaced or lost, the content in the PDF document will not be accessible to any other individual unless the password has been shared with them. Using passwords to protect your PDF files can therefore be a ‘safe’ way of ensuring that data within the file is secured.
If you distribute or upload to a web site a non-protected and unsecure PDF document, you are exposing your document to be exploited, as the PDF file can be easily shared. To prevent this from happening, you can password protect PDF files ensuring that your PDF document is protected without being exposed.
WARNING: PDF Passwords are easily removed
If you use passwords to protect PDF files, you may not be getting adequate security since they can be easily hacked into with the help of the numerous PDF hacking tools and password crackers (PDF Password Recovery software) available on the Internet. PDF files that are password protected are easy to hack into if weak passwords have been used. Without a strong password, you might as well not bother password protecting the PDF file to begin with. A strong password is one that is of a decent length (say 16 characters of more – the more the better), and is made up of mixed case and non-alphanumeric characters. However these types of password can be cumbersome to manage, so it is important to note that the password used to protect the PDF file is maintained safely for future use, in the event that it is forgotten at any given point in time.
If you are thinking of relying on the permissions password to prevent PDF copying, editing, printing, etc. then don’t. This can be removed in seconds using password recovery software.
Most companies opt for the cheapest solution to protect their PDF files (PDF password protection). As a decision maker in a critical situation concerning sensitive data, opting for any basic version of PDF protection software is not particularly a good idea as it is unlikely to have the level of security, features and type of security required for complete document protection. If you are seeking effective and robust protection you will need to use alternative solutions to protect PDF files that do not use PDF password protection.
The Importance of using strong PDF Passwords
Passwords are as important as physical keys to your personal data online – they are digital keys that safeguard your files. It is therefore important to ensure you have used adequate security measures in order to prevent unauthorised users from accessing your passwords and therefore the contents of your PDF files.
In order to maximize the effectiveness of passwords, users must apply good practice such as avoiding the use of the same password on multiple PDF files. If this is not done, it creates a single point of failure, which means that if a hacker is able to retrieve information from one PDF document, he can easily gain entry to all the documents. In addition, users must exercise extreme caution when storing or making a note of passwords. Obtaining passwords through ‘dumpster diving’ or ‘shoulder surfing’ is highly plausible in an office environment, which is why great care must be taken while devising and storing passwords.
To add more security when protecting your PDF files with a password, it is important to ensure that the password is substantial, with at least sixteen characters and a mix of lowercase as well as uppercase letters, including symbols and numbers – using special characters, punctuation and digits will enhance the strength of the password. While adding password protection to PDF files it is important to remember that the password will be shared with others who are authorized to open it.
Different PDF files containing important information and confidential data should have different passwords for every file and not a word that can be easily guessed. If the password is difficult to memorise or remember, it can be written down and stashed away in a safe place outside the computer. IT experts recommend that PDF passwords should be changed several times during the course of usage and transmission. For example, if a PDF file has to be sent to numerous users, a unique password must be employed to every user, as a single password sent to all users can be easily compromised. However, this means protecting the PDF file for every user which is cumbersome and time consuming. Not to mention having to keep a record of all the passwords in use for each user. The reality is that using unique passwords for each password protected PDF file is unlikely to happen as it introduces a management overhead that is costly to maintain.
Using Strong Passwords to protect PDF files
Educating employees about the significance of using strong passwords to protect PDF documents is a fundamental step in ensuring that passwords are the first line of defence for document security. It is imperative that employees are made to regard their passwords in the same manner they would protect their personal information or physical keys.
It is important that employees avoid creating weak passwords that have the following features:
- Actual name of the user, surname or organisational name.
- An easy to guess dictionary word; using dictionary words is a bad idea because PDF password removal programs target common words located in a dictionary to attack the system. These are referred to as ‘dictionary attacks.’
- Words such as ‘password’, ‘123456’, ‘ABC’, ‘XYZ’ etc. are extremely common and easy to guess.
- Some letter substitutions, such as using ‘!’ Instead of ‘I’ or ‘$’ in place of ‘S’ can also be easily guessed.
- Passwords that have been written on a piece of paper and irresponsibly maintained.
- Common passwords for a number of people.
Some common tricks that can help make passwords stronger as well as memorable, include:
- Making use of entire pass phrases or sentences as passwords.
- Using only the first alphabet of every word of a popular pass phrase or a quote, such as NitMoI! (Necessity is the mother of invention!)
- Stringing together simple and short words and tying them with symbols or figures, for instance ‘Sea+7+blue’
Secure alternatives to PDF Password Protection
Using passwords to protect PDF documents that contain classified or sensitive information is no longer relevant in today’s highly advanced technological world. PDF documents that have been password protected can be easily unprotected with the help of simple PDF password cracking solutions (PDF Password Recovery software) easily available on the Internet. Document restrictions (those ‘protected’ with the permissions password) can be removed in seconds and document open passwords can take minutes, hours, or days depending on the length and complexity of the password.
The secure way to ensure that your sensitive data in your PDF documents remains protected is to use high-level strength encryption methods such as public key technology, secure and transparent key transmission, and encrypted key storage. Locklizard is the leader in PDF document protection software that use US government strength encryption, public key technology and Digital Rights Management to protect PDF files beyond simple password protection. Our PDF DRM protection is used worldwide by information publishers to protect PDF files from unauthorized access and misuse.
Safeguard PDF Security protects PDF files with AES encryption without the use of passwords, ensuring your protected PDF files are not exposed to simple security weaknesses. Our secure PDF Viewer software and web based licensing system transparently manages decryption keys so there are no passwords to enter or manage. PDF files are locked to specific devices so they cannot be shared with others, and the document owner can expire and revoke documents at any stage, enable offline use, apply dynamic watermarks, stop printing, and prevent screen grabbing of content.
In conclusion, securing your sensitive PDF files with passwords is not a sensible option, given the number of ways in which password protected PDFs can easily be cracked and the time required to manage each password. If you are serious about securing PDF files then look for a PDF DRM solution that does not rely on passwords.