PDF Password Protection

Why passwords are useless & how to protect a PDF without passwords

Protect IP

Secure PDF documents without useless passwords:

Stop unauthorized access
Stop sharing and distribution
Strong US Gov strength encryption, DRM and licensing controls

Restrict Use

Set Expiry

Revoke Access

Watermark

Log Use

Comply Law

Benefits

Why you should NOT password protect PDF files

Password protecting PDF files: why use passwords?

Passwords have a strong historic precedent in protecting access to computers and files. Originally, it was the only mechanism that could be implemented – smart cards and biometrics were just a gleam in manufacturers’ eyes (and some say still are).

Over time, however, they have received increasingly bad press as a security mechanism. This is largely because systems have been implemented poorly, with little understanding of security or human psychology.

The usual approach to password management is to insist on one that has 6-8 characters and numbers and changes regularly. This approach makes people pick easy passwords so that they have a snowball in hell’s chance of remembering. The same applies when people pick passwords for protecting encrypted PDF documents (or password protect a Word document, zip files, or anything similar). It is difficult to choose a password that you can easily pass on to the recipient and be sure they get it right unless you choose a short and simple one.

Managing PDF passwords & controlling use

Managing PDF passwords is, in itself, a nightmare:

Who has which password?
Has it been changed?
Can they update it?
What happens if you update it?
How do you get the password to the recipient securely?
If they ‘lose’ it how do you replace it?

You cannot stop users from sharing the password(s) with other people, and you have no way of being able to detect that

And therein lies the problem. Short passwords that are easy to remember and type are just as easy for an attacker to crack with a dictionary system. They can break it in minutes, if not seconds. Even an exhaustive search for all numbers and letters for 8-character positions is stunningly quick – see Removing PDF Passwords.

Sadly, PDF passwords are still popular (as are zip passwords), despite the fact that they are easily passed on to unauthorized users and are often cracked.

This is the catch-22 of passwords: you must share the password for the security to be usable, but in doing so, severely compromizes it. If you’re using a password to enforce PDF security or DRM, any rights you gave the recipient can be passed on by simply sharing the password.

We therefore have to conclude that PDF passwords are not an effective way to implement PDF security. They are difficult to manage and easy to defeat.

Password security basics

If you do decide to go the password security route, there are several aspects you need to keep in mind. Creating passwords that follow these rules will increase the time it takes a password cracking program to compromise them (though it won’t stop users from sharing the passwords with others):

DON’T use a PDF password that’s human-readable: Any password that a human can “read” will be easier for a machine to crack. Dictionary words, dates, names, common keyboard patterns (asdf, 123), capitals only at the start of words, repeating characters. All of these are easy targets for cracking tools.
DO use acronyms: Completely random passwords are difficult to remember. Passwords that are difficult to remember are more likely to be stored insecurely (on a post-it note or plaintext file). The best balance between memorability and security is to create an acronym from a phrase (12+ characters, NOT a common idiom), and add capital letters, numbers, and special characters.
DON’T re-use passwords: Isolate the impact of a password compromize as much as possible. Reusing passwords or using variants of the same password means that if one PDF is compromized, all of them are.
DO use password generators and password managers: The requirements above will make it harder for you to manage, create, and remember passwords. This is unavoidable, but you can mitigate it somewhat by randomly generating your passwords and securing them in a password manager. However, the password manager holds the keys to your entire kingdom, so you better make sure it uses a strong password, 2FA, and even biometrics/a security key where possible.

10 Reasons NOT to password protect PDF files

Although it seems like a good idea to password protect a PDF because it’s easy, most implementations are not effective. Below are 10 reasons why you should not PDF password protect files.

Password Maintenance
Strong PDF passwords are difficult to set up and use.
Password Administration
You have to administer a list of PDF passwords – ideally one for each document. This can soon become a burden.
The Adobe PDF Open Password must be shared
The Adobe Acrobat document open password must be given to others in order for users to view PDF files.
The Adobe PDF Permissions Password is totally useless
Once the document open password is known then the permissions password can be broken in seconds, so any restrictions you add to a PDF file (i.e. restrict printing, editing, copying, etc.) are useless. See Removing PDF Passwords.
Passwords are easily shared with unauthorized users
PDF passwords can be easily shared because they are sent in a readable format.
Passwords are easily stolen
PDF passwords can be easily stolen. They are often left exposed in plain text documents so that they can be easily remembered or copy/pasted.
You don’t know who has access to your protected PDF files
There is no way of knowing how many people are using a PDF password that has been given away or stolen.
Passwords are easily forgotten
Users often forget passwords and are more likely to try and remove them as a result.
PDF Password Removal tools can remove passwords in seconds
There are many free PDF password removal programs that will easily remove Adobe Acrobat passwords, including the open password. Even applications like Google Drive and Google Chrome can be used to remove PDF passwords – see Adobe PDF security issues.
16 character ASCII passwords can be cracked in an hour
It takes just 1 hour to crack 16-character ASCII passwords when a common password has not been used (password crackers check against a commonly used password list first). If a commonly used password has been used, then it takes seconds or minutes.

Why do people password protect their PDF files?

The simple answer is laziness or lack of research. They assume that passwords provide ”enough” protection, despite the fact that anybody can search the Internet and buy products that will remove them in seconds. Search for:

pdf password
pdf password protect
pdf password protection
pdf password security
password protect pdf
password protect a pdf file
how to password protect a pdf
protect pdf with password

And at least three of the first ten search queries are for pdf password crackers.

“Document-level password protection technically isn’t DRM (digital rights management). And because of the plug-in architecture of Acrobat and PDF readers, it makes PDF a less-secure platform for DRM.” – ElcomSoft CEO Vladimir Katalov.

At a click of a button, pdf-Recover will remove the password regardless of whether it has been encrypted using the latest 256-bit AES encryption. The result is an exact replica of the original PDF without any security settings whatsoever – pdf-Recover removes all of the restrictions implemented.

So, whilst you can use Adobe to password protect a PDF file for free, the security you are getting is not adequate.

If you are still not convinced, see Removing PDF Passwords and PDF Security cracks and flaws.

If PDF passwords are not recommended, what should I use to protect my PDF documents?

The key to a secure system is to avoid the user having to know or be involved with passwords at all.

This is best achieved by ensuring that, in a cryptographic system, keys are exchanged securely and secretly, so that even the user is not aware of, and therefore cannot compromise, the security of the system. Only if you take these steps can you be confident that the protection method you have used is resistant to both deliberate and careless compromise.

It is an accepted fact by all security professionals that the people most able to compromise any security system are the authorized users. That is not to say that users are deliberately dishonest or even malicious − rather that in most cases they are overly helpful or fail to understand the security functions that they are expected to perform. This is why phishing and social engineering attacks are among the most common.

Though it’s not easy to design, a system that does not require direct user involvement with passwords or keys is preferable. Otherwise, the integrity of the system hinges on humans, who are fallible.

PDF DRM Security without passwords

Safeguard PDF Security and Enterprise PDF DRM do NOT use PDF password protection to protect your PDF documents. They ensure your PDF documents are encrypted and protected against unauthorized use and misuse without the use of passwords.

Using Safeguard Writer, you can protect a PDF file without passwords and apply DRM controls to prevent PDF copying, saving, modifying, and printing.

Safeguard uses public key technology rather than passwords.

PDFs are individually encrypted locally on your desktop and protected using a unique key that is stored, encrypted, on a licensing server.
This key is securely and transparently relayed to an authorized client computer (a device that an authorized user has registered their license from) when a protected document is opened.
Keys are locked to authorized devices so that they cannot be shared with others.
Protected PDFs cannot be copied, printed or shared unless you have specified otherwise.
You can set document expiry dates and instantly revoke your PDF files.
There are no passwords for users to enter, manage, forget, or pass on to others.

Safeguard uses US Gov strength AES encryption to encrypt PDFs, public key technology, DRM and licensing controls to ensure your PDFs remain protected at all times. See our DRM Technology.

How to protect PDF files without passwords

Locklizard enables you to protect PDF files without passwords by combining 256-bit AES encryption, a secure viewer application, and a licensing system with transparent and secure key management.

Here’s how to protect a PDF document without passwords using Safeguard Secure PDF Writer

Right-click on a PDF report on your computer and select ‘Make Secure PDF’.

Creating a protected PDF file
Select the copy protection controls you want to apply. By default, editing, copying, and printing are disabled.

Encrypting a PDF without passwords or certificates using Locklizard Safeguard PDF DRM
Press the Publish button to protect the PDF.
Select the users you want to give access to your protected PDF files using the cloud-based Admin System:

Safeguard Admin System
Then distribute your protected PDF documents just like any other file.

FAQs

Can you password protect a PDF online?

You can, but it’s not usually a good idea. It means uploading your PDF file to somebody else’s server unprotected. You have no way to verify what they will do with your unprotected copy after you upload it. Online tools also use the same password security as Adobe Acrobat and the protection will therefore be easy to remove.

How do I remove password protection from a PDF?

If you know the password, simply remove it in Adobe Acrobat settings.
If you don’t, the PDF permissions password is easy to remove – a free PDF password removal site or app will get rid of it instantly.
The open password is more difficult, and you’ll want to use paid software like Elcomsoft to crack it.

Can you password protect a PDF file in an email?

All email clients that support attachments will allow you to add a password protected PDF. A good password can make it harder for an attacker to extract information should a user’s account be compromized or an email intercepted. However, there are still aspects to consider – namely, how to transmit the password to the recipient securely and the fact that the recipient can share the password with others. There are safer ways to send a PDF by email securely.

Can I protect a PDF from editing without a password?

Yes, if you use Locklizard to protect it. Locklizard enables you to restrict PDF editing without passwords and stop users from copying and pasting content, screen grabbing, printing, sharing and more.

Can I password protect a PDF without Acrobat?

Yes, but it is no more secure. You can encrypt a PDF without Acrobat using more secure methods such as certificates or DRM.

Can you print a password protected PDF?

Yes, it is easy to remove the permissions by using free software online. If you want to prevent users from printing PDFs then you need to use a PDF DRM system that does not use passwords.

We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.

The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.

I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.

Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.

I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.

Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.

We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.

Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.

Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.

The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.

It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.

Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.

Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.

I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.

We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.

Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.

Try Safeguard today

Start protecting your PDF files and documents from sharing & piracy

PRICING

Purchase & Pricing
Instant Quote

RESOURCES

FAQs
Locklizard Blog
Knowledgebase
Security Guides
White Papers
Viewer Demo
Videos

DOWNLOADS

Secure Viewers

Writers
Product Manuals
FREE Trial

ABOUT US

About Us
Our DRM Technology

Customers

Locklizard vs Competitors

Secure Data Rooms

Company Brochure

CONTACT

sales@locklizard.com
support@locklizard.com

Business Hours:
Mon – Fri: 8AM to 5PM EST
Tel (US): +1 800 707 4492
Tel (UK): +44 (0)1292 430290

PDF Password Protection	Password Protecting PDFs	History of PDF Passwords	Using Passwords to Protect PDF files
How to Password Protect PDFs	Remove PDF Password Protection	Cracking Password Protected PDFs	Protect PDFs without Passwords
PDF Security Issues	PDF Digital Rights Management	PDF Encryption	PDF Security