Password Protect PDF

PDF Password Protection: why you should not Password Protect PDF Files

Protect IP

Secure PDF documents without useless passwords:

Stop unauthorized access
Stop sharing and distribution
Strong US Gov strength encryption, DRM and licensing controls

Restrict Use

Set Expiry

Revoke Access

Watermark

Log Use

Comply Law

Benefits

Using Passwords to encrypt & protect PDF files

Mention PDF Security and people immediately think of either Adobe Acrobat’s PDF password protection or another PDF encryption solution that uses passwords. But is using PDFs with a password really a secure method of protecting PDFs against unauthorized use and misuse?

Here we cover the advantages and disadvantages of using passwords to encrypt and protect PDFs, how to remove passwords from PDF files, and whether passwords are an adequate method of PDF protection.

You can encrypt your individual PDF files with passwords, for free, using the open source PDFEncrypt application.

Does PDF Password Protection work?

PDF Password Protection has been around for a long time, but its success rate is rarely analyzed. Here we look at it in terms of the good, the bad, and the ugly.

Good
- Cheap – you can do it yourself or there are a ton of programs out there if you do a search for ‘password generator’
- Easy to use, recipients understand the process – ID/password is probably the most common form of access mechanism in use on the planet so there is high user acceptability for ease of use
- Acrobat lets you encrypt and password protect opening of a PDF and apply restrictions on use (permissions)
- With most PDF encryption software you can encrypt a PDF using AES encryption at 128-bits or more
- There are viewers and/or plug-ins for handling PDFs on almost every platform
Bad
- Strong passwords are difficult to set up and use – people cannot relate to them, there are too many passwords to try to remember and ‘security’ products that offer to keep them safe for you provide a single point of failure should anything go wrong
- Can be shared around easily – since they get sent in readable form to the user they can be copied and forwarded to anyone and anywhere
- If documents can be used ‘offline’ there is no way of knowing how many people have the password that has been given away/stolen
- Can be stolen easily – because they have to be used by humans they cannot be protected. The stronger they get, the more likely the human is to keep it in plaintext on their computer and copy and paste it in. Not always the most satisfactory security approach
- If you can change document permissions as the end user, then nothing is actually protected
- The choice of controls that can be applied using Adobe Acrobat are rather limited and take no account of the destination environment being used
Ugly
- Password generator and password attack programs have been around a long time as free web downloads and are very effective
- There are lists of popular passwords, showing that manual password selection is seriously flawed as an approach
- Some products, such as those from Elcomsoft, target very specific environments – breaking Adobe Acrobat passwords, ZIP, RAR, Microsoft Office XP, PGP Keys, and so on
- Access is often provided within seconds or minutes using these applications

Some Facts about Passwords

hour to crack 16-character ASCII passwords

no. of years users keep passwords unchanged

characters is the average password length used

123456

is the most popular password

Working with PDF Passwords

How to get PDF Password protection to work. What you must consider if password-protecting PDFs & password strength.

Protect PDF Files

Using PDF password protection to stop PDFs from being misused. The options and software available for password protecting PDF files.

PDF Permissions

Permissions you can apply to PDFs, such as preventing access and stopping printing. Tips on setting permissions for PDFs.

Remove PDF Passwords

How to unlock PDF files. The tools available to remove password security and why they are effective at unlocking PDFs.

PDF Password Hints

How to select a strong password for your PDFs and password protect your PDF documents.

Enforcing the use of strong PDF Passwords

A password is a primary line of security against any unauthorized entry into the PDF document. It is used as the key to encrypt and decrypt information. The more powerful a password, the greater the degree of security the PDF document has. To create a strong password, follow these guidelines:

A secure password should be at least 8-9 characters in length (preferably 16 characters).
It must not comprise any private data —particularly a first name, company name or surname.
It should not be the same as any previously used passwords.
It must not be a single dictionary word.
It should comprise of attributes from these four fundamental classes: uppercase letters, lowercase letters, numbers, and special characters such as £%$(, etc.

If you follow the basic password protection rules and use strong passwords then your PDF documents should be adequately protected. Bear in mind, however, that if you give the password to others then they can do what they like with the PDF file. The password protects other users from opening the PDF document but nothing else.

Additionally, whilst Adobe Acrobat employs another type of PDF password, a restrictions password, this can be easily removed by PDF password recovery software. So, PDF password protection is really only useful for storing PDFs securely.

5 PDF Password Tips

How to remove Password protection from PDF files

It is possible to use passwords to protect PDF files from being opened, printed or altered, but users can easily remove them.

In the Adobe PDF standard there are two passwords:

The Document Open password or User password – requires users to type in a password to open the PDF
The Permissions password or master password – lets you alter or remove PDF controls. Users don’t need a password to open the document but they do need a password to change the restrictions you’ve set.

If the User password is already known, or the User password was not set, then there are literally hundreds of tools available, some free, some paid for, that will remove the permissions password almost immediately – 82 Million results on Google, so take your pick.

So, if you are trying to control document usage you have to set a User password on the document or the permissions password can be removed trivially.

This creates the obvious problem that the people you are sending protected documents to need to have the User password in order to read it. And once the User password is known, users can then use PDF password removal tools (although there are also other simpler methods – see Removing PDF Passwords) to trivially remove the permissions password and do what they like with the document. This is exactly the same weakness with sending encrypted documents that do not have DRM controls – the recipient can do what they like and you have no way of stopping them.

In fact, the entire process can be broken down into three steps:

upload the PDF to a PDF password removal service
enter the user password (if applicable)
press a button to remove the permissions password and download the unprotected file

The only time there is some control, then, is if someone (i.e. an unauthorized user) gets hold of a User password protected document, not knowing what the password is. But even here companies such as Elcomsoft, famous for being the first to break the User password system, provide PDF password removal tools to carry out dictionary attacks (common password words such as ‘password’) and ‘brute force’ attacks (which will get you there eventually unless the password is very strong).

Are PDF Passwords safe to use?

No. The conclusion you have to come to is that although Adobe Acrobat PDF password protection seems easy, most implementations are not actually effective. That is fine if you just want to appear to have some security. As an approach, it only starts to become practical with very long passwords together with other controls monitoring or preventing unauthorized use.

The Adobe PDF Security method has been exposed as having an inherent weakness – based on an ‘honor’ system it relies on third party applications to enforce PDF restrictions (i.e. stop printing or copying). It is therefore trivial to bypasss or remove. This article covers the Adobe PDF security handler in more detail – How the Adobe PDF Security Handler works.

There are stronger approaches than protecting a PDF with a password to ensure PDF protection. They start with the introduction of a recipient Identifier (ID) as well as a key, and go on to use cryptography to prevent unauthorised use by identifying hardware and linking it to the license rather than trying to identify the end user.

Locklizard for example, protects PDF files without passwords – using keys that are transparently and securely relayed and locked to user devices so they are not exposed to either users or third party applications. We also use other security mechanisms such as 256-bit AES encryption, licensing controls, and proprietary protection methods to ensure PDF documents remain protected against unauthorized use and misuse no matter where they reside. See our DRM Technology.

Locklizard PDF Security: a secure alternative to PDF password protection

Locking PDFs with Safeguard is more secure than Adobe password protection.

Locklizard uses encryption, licensing, and DRM restrictions to protect PDF files from unauthorized access and use:

disable printing or limit the number of times a PDF can be printed.
expire PDF files on a fixed date, after a number of days use, after a number of opens or prints.
add dynamic watermarks to printed and viewed documents.
track PDF use – log views and prints.

Safeguard automatically protects PDFs from unauthorized sharing:

PDFs are locked from being edited or changed (read only).
users cannot copy or save protected PDFs into unprotected files.
users cannot copy and paste content into other applications.
stops screen grabbing software from taking screenshots.
you can restrict use to IP and country locations.
remotely revoke PDF files at any time.
there are no passwords to enter or remove.
decryption keys are securely and transparently sent to an authorized device and locked to it.
if a protected PDF is sent to an unauthorized user, they can’t open it.
PDF documents are automatically locked to machines (authorized devices).

How to encrypt PDF files without passwords

Using Locklizard to protect PDF files securely is quick and simple.

Admins protect a PDF file using Safeguard Writer and then add their intended recipients as users in their admin portal. The system will automatically send them an email with the license file and a link to the Safeguard Reader application required to open the document. The protected PDF document can then be delivered however you like, as only authorized users can open it.

Here’s how to protect a PDF document securely:

Right-click on a PDF on your desktop and select ‘Make Secure PDF’.

Creating a protected PDF file
Select the copy protection controls you want to apply. By default, editing, copying, and printing are disabled.

Encrypting a PDF without passwords using Safeguard PDF DRM
Press the Publish button to protect the PDF.
Add a user account and send them their license via the Safeguard admin portal. See how to add a new user and grant them document access.

Safeguard Admin System
Distribute your protected PDF document just like any other file.

For a more detailed look at the process, you can read our full guide on how to add security to a PDF.

FAQs

How does Locklizard differ from PDF password protection?

Locklizard combines a passwordless, transparent key-based authentication system with its secure viewer application, which the user installs on their computer, tablet, or mobile phone. Admins don’t need to set up any complex systems or policies – they just add the user to the admin portal after protecting the document and they are automatically sent an email with their license file.

Once a user activates their license, it is locked to their machine. If a user does not have a license file that is authorized to decrypt and open the file, they will not be able to do so. The authorization to view a file can be revoked remotely at any point.

In addition, Locklizard has various irremovable controls that are enforced by its viewer application. By default, Locklizard Safeguard protects against editing, copying, printing, and screenshotting. It can also be used to allow a certain number of prints, add watermarks, set a self-destruct timer, and more.

How do I password protect a PDF without Acrobat?

You can use any other PDF editing software, such as Foxit, Sejda, or PDF element to password protect a PDF. In Foxit, just press ‘Secure Document > Password Protect’ and enter a secure document open password.

How do I password protect a PDF file for free?

You can use one of many online tools. Adobe has its own online tool, but they all work more or less the same. Just bear in mind that you’ll be uploading your document to a remote cloud server that could be compromized in the future.

Instead, you may want to try the open-source PDFEncrypt app, which allows you to password protect a PDF locally.

How do I password protect a PDF in Office 365?

Open the file in Microsoft Word and press ‘File > Info > Protect Document > Encrypt with Password’. Type a strong password, then save it to apply the changes.

How do I send documents securely via email?

Once you password protect a document it will be secure in transit and when it isn’t being used provided the password is strong. However, password protection won’t prevent a user from sharing the PDF and its password with somebody else. For full protection, you should consider using a PDF DRM solution instead.

Is a password protected PDF file secure?

No. Users can share the password with others or remove it. Any permissions that have been applied can be instantly removed using free online tools.

We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.

The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.

I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.

Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.

I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.

Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.

We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.

Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.

Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.

The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.

It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.

Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.

Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.

I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.

We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.

Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.

PDF Password Protection	Password Protecting PDFs	History of PDF Passwords	Using Passwords to Protect PDF files
How to Password Protect PDFs	Remove PDF Password Protection	Cracking Password Protected PDFs	Protect PDFs without Passwords
PDF Security Issues	PDF Digital Rights Management	PDF Encryption	PDF Security

Password Protect PDF

PDF Password Protection: why you should not Password Protect PDF Files

Free Trial & Demo

Trusted by:

Using Passwords to encrypt & protect PDF files

<img decoding="async" style="vertical-align: middle;" src="/wp-content/uploads/2021/10/lock-PDF-with-password.png" alt="" width="90" height="90" /> Does PDF Password Protection work?

Some Facts about Passwords

<img decoding="async" style="vertical-align: middle;" src="/Images/authentication.png" alt="" width="90" height="90" /> Enforcing the use of strong PDF Passwords