Some documents should not be accessible to just anyone. Confidential information, sensitive contracts, personal data, financial documents: protecting PDFs with passwords and permission restrictions keeps that information secure and controls who can do what with your documents.
The problem is that many people protect their PDFs poorly: they use weak passwords, apply the wrong level of security, or do not understand what the different options actually protect. A poorly protected PDF gives a false sense of security when in reality anyone with basic knowledge can access the content.
Types of protection in PDFs
PDFs can be protected in two main ways: an open password and a permissions password. These are different things with different purposes.
The open password encrypts the entire document. Without the correct password, the PDF will not open; nothing can be seen. This is the strongest protection for documents that only certain people should be able to read.
The permissions password (also known as the owner password) protects against certain actions: printing, copying text, editing, adding comments. The document opens as normal, but certain functions are blocked. Useful for documents you want people to read but not to modify or redistribute.
You can apply both protections simultaneously: one password to open the document and a different one to change the permissions. This way, you control who accesses it and what they can do with the content.
Protect with Adobe Acrobat
Adobe Acrobat (the paid version) offers the most comprehensive and robust protection system.
Go to File > Protect with Password, choose which type of protection to apply, and set the passwords and specific permissions.
You can choose the encryption level: 128-bit or 256-bit AES. The higher the level, the more secure it is, but the less compatible it is with older versions of PDF readers. For new documents, always use 256-bit unless you know you need compatibility with very old software.
The permissions you can control include: allowing or blocking printing (full or low quality only), allowing or blocking copying of text and images, allowing or blocking changes to the document (you can specify what type of changes), allowing or blocking the addition of comments and signatures, and allowing or blocking the filling in of forms.
This level of granularity allows you to fine-tune exactly what you want to protect. A document that should be read and printed but not edited: allow free opening and block editing. A form that should be completed but not modified: allow specific fields to be filled in but block everything else.
Free online tools
Web services such as Smallpdf, iLovePDF, PDF24 Tools and Sejda offer basic PDF protection for free. You upload your document, set the password, choose basic permissions, and download the protected PDF.
The options are usually more limited than in Acrobat. You can set an open password and choose some basic permissions, but you don’t have the granular control of professional software. For simple protection, this is sufficient.
The issue of privacy applies here too. You are uploading documents that you want to protect because they are sensitive. You trust that the online service does not keep copies, does not access the content, and deletes everything after processing. Reputable services are generally secure, but for extremely confidential information, processing locally is more prudent.
Free desktop software
PDFtk, PDF24 Creator and QPDF are free tools that protect PDFs locally without uploading files to the internet. The interface isn’t as user-friendly as online services or Adobe, but they work well and your files never leave your computer.
PDFtk via the command line is particularly powerful. You can automate protection for multiple files using scripts, apply consistent settings to batches of documents, and integrate protection into automated workflows. For technical users it’s an excellent tool.
Microsoft Word can protect files before exporting
If you’re creating the PDF from Word, you can set up protection during export. When you save as a PDF, there are options to add a password and configure basic permissions. It’s not as comprehensive as Adobe, but it works for simple protection.
Protecting the document whilst creating the PDF is more efficient than creating the PDF and protecting it later as a separate step. If you know from the start that the document needs protection, set it up during export.
Strong passwords are critical
A weak password such as ‘123456’ or ‘password’ offers no protection whatsoever. Decryption tools can crack simple passwords in minutes. If you are going to protect a PDF, use a strong password.
A strong password is at least 12 characters long, combines upper and lower case letters, includes numbers and symbols, and is not a dictionary word or personal information (your name, date of birth, etc.). Random password generators create very strong passwords.
The problem with very strong passwords is remembering them. If you protect many documents with different passwords, keeping track of them is crucial. A password manager helps. Or set up a password system that you can remember but that is strong: a long phrase with numbers and symbols inserted, for example.
Password distribution
Protecting the PDF is one thing; communicating the password is another. Sending the PDF and the password in the same email nullifies the protection: if someone intercepts the email, they have both.
Communicate the password via a different channel. Send the PDF by email and the password by text message, or vice versa. Or communicate the password verbally over the phone. This makes it harder for an unauthorised person to obtain both.
For highly sensitive documents, consider secure transfer services that handle authentication and distribution in a more sophisticated manner than simple email.
Permissions without an open password
You can apply permission restrictions without requiring a password to open the document. Anyone can open and read it, but they cannot edit, copy or print without the permission password.This setting is useful for public documents that you wish to distribute widely whilst keeping them intact. Official reports, press releases, documentation that must be read but not altered.
Bear in mind that permission restrictions without an open password are relatively easy to remove. Online tools exist that remove these restrictions in seconds. It is not strong security, but rather a soft barrier that prevents accidental modifications.
Limitations of PDF protection
No protection is absolutely unbreakable. Strong passwords with 256-bit encryption are very difficult to crack, but not impossible with enough time and resources. For critical documents, consider additional measures beyond the protection of the PDF itself.
Protection against copying text or images is not perfect. Someone can take screenshots or photograph the screen. Permission restrictions are more about preventing accidental misuse than stopping a specific individual. If the document is so sensitive that its compromise would cause serious harm, PDF protection should be part of a broader security strategy: system-level access control, full-disk encryption, secure transmission channels.
Protecting PDFs on Mac
Preview on Mac can add basic password protection to PDFs. Open the document, go to File > Export, tick the ‘Encrypt’ box, set the password and save. The resulting PDF requires that password to open.
Preview’s protection is simple, just an open password. You have no control over specific permissions. For that, you need more comprehensive software.
Check the applied protection
After protecting a PDF, check that it works as expected. Try opening it without a password to confirm that it asks for one. Try editing, copying, and printing to verify that the restrictions work. A configuration error may leave the document without any real protection.
Test in different PDF readers if possible. Adobe Reader, web browsers, alternative readers. Permission restrictions sometimes behave differently in different programmes.
Protection vs usability
More protection generally means less usability. If you block everything (no printing, copying, editing or commenting), the document is difficult to use even for authorised users. Find the balance between security and functionality.
Ask yourself what you are actually protecting. If you only need to prevent accidental edits, basic restrictions are sufficient. If you are protecting legally confidential or commercially sensitive information, you need stronger protection.
Documents with multiple reviewers
When multiple people need to review or comment on a document but not edit it, you can protect it against editing whilst allowing comments to be added. This keeps the original content intact whilst enabling collaboration.
Configure permissions specifically for your workflow. If it is a form that needs to be filled in, allow fields to be filled in but block everything else. If it is a review document, allow comments but not direct editing.
Expiry of protection
Some advanced systems allow protection with an expiry date: the document can only be opened until a certain date, or permissions change after a specified period. This requires more sophisticated DRM solutions than standard PDF protection.
For most cases, standard PDF protection is sufficient. If you need time-limited control or advanced digital rights management, look for specialised enterprise solutions.
Backing up protected documents
If you password-protect a PDF and forget the password, you’ve lost access to your own document. Keep secure records of your passwords or use a consistent system thatyou can remember.
Save an unprotected version of important documents in separate secure storage. That way, if there’s a problem with the protected PDF, you have a backup. Obviously, that backup must be as secure as, or more secure than, the PDF itself.
Protecting PDFs correctly requires understanding what type of security you need, applying it with the appropriate settings, and using strong passwords. It isn’t complicated, but you have to do it properly. A document protected with a weak password or incorrect settings gives a false sense of security. Take the time to configure the appropriate protection for each case and keep your passwords secure.
Protect your PDF files
Lock PDF
