How to password-protect a PDF (and what the password actually does)
A short, honest guide to PDF passwords: which encryption to use, what the permission flags really mean, and the one rule that matters more than the algorithm.
PDF passwords are one of those features people use without understanding. You set one, you assume the file is “secure,” and you move on. Most of the time that’s fine. Sometimes it isn’t, and the gap between “I added a password” and “this file is actually safe to send” is bigger than people realise.
This post is short. Here’s what actually matters.
The one rule
The strength of a password-protected PDF is the strength of the password, full stop. Pick a long, hard-to-guess passphrase and the file is uncrackable in practice. Pick “password123” and no algorithm choice will save you.
Everything else in this post is footnotes to that rule.
How encryption is structured in PDF
When you protect a PDF, the file isn’t just gated by a password — it’s actually encrypted. The encryption uses a random per-file key, and the key is itself protected by your password.
PDF has supported several encryption schemes over the years:
- RC4 40-bit (1996–2000s) — broken; brute-forceable in hours. Don’t use.
- RC4 128-bit (~2001) — still considered safe with a strong password, but RC4 itself has been deprecated in TLS and other modern uses. Avoid.
- AES-128 (Acrobat 7+, 2005) — current default for most tools. Strong.
- AES-256 (PDF 2.0 / Acrobat X+, 2010) — strongest of the four.
Our Protect PDF tool emits AES-128 (R=4) in v1 — the most compatible modern format. AES-256 is on the roadmap.
In practice, AES-128 and AES-256 are both unbroken when used with a long password. The difference matters only in extreme threat models (intelligence agencies with vast compute) that don’t apply to most users.
What the permission flags actually do
When you protect a PDF, you can set “permissions” — allow printing, allow editing, allow copying, allow annotations. These are real bits in the PDF spec that mainstream readers (Acrobat, Apple Preview, browser PDF viewers) honour. They’re a politeness layer.
The crucial thing to understand: permissions are advisory. Anyone who can open the file has the decrypted content, and the flags are only enforced by the reader software. A determined attacker with a non-mainstream tool can ignore the flags. They’re useful for stopping casual misuse — your colleague’s “I’ll just print this real quick” — not for stopping motivated leaks.
If you genuinely need a recipient not to copy or print content, password-protecting a PDF is the wrong tool. Use a controlled-access system (rights management, watermarked PDFs, view-only sharing).
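As an added example (not code from the Protect PDF tool), this JavaScript sketch reads the fields of a PDF /Encrypt dictionary and reports which cipher the file uses and which permission bits its /P value sets. The sample dictionary is constructed, and the regex scan stands in for a real PDF parser.

```javascript
// Added example. Bit positions of the standard security handler's /P flags,
// numbered from 1 as in the PDF specification.
const PERMISSION_BITS = {
  print: 3, modify: 4, copy: 5, annotate: 6,
  fillForms: 9, extractForAccessibility: 10, assemble: 11, printHighQuality: 12,
};

// Decode the signed 32-bit /P integer into named booleans.
function decodePermissions(p) {
  const out = {};
  for (const [name, bit] of Object.entries(PERMISSION_BITS)) {
    out[name] = ((p >> (bit - 1)) & 1) === 1;
  }
  return out;
}

// Name the cipher from /V, /Length and the crypt filter method /CFM.
function describeCipher(dict) {
  const num = (key) => {
    const m = dict.match(new RegExp(`/${key}\\s+(-?\\d+)`));
    return m ? parseInt(m[1], 10) : null;
  };
  const cfm = (dict.match(/\/CFM\s*\/(\w+)/) || [])[1];
  const v = num("V");
  if (v === 1) return "RC4-40";
  if (v === 2) return `RC4-${num("Length") || 40}`; // /Length defaults to 40
  if (v === 4) return cfm === "AESV2" ? "AES-128" : cfm === "V2" ? "RC4" : "unknown";
  if (v === 5) return "AES-256";
  return "unknown";
}

// Summarise what the dictionary says about the file's protection.
function auditEncryptDict(dict) {
  const cipher = describeCipher(dict);
  const p = dict.match(/\/P\s+(-?\d+)/);
  return {
    cipher,
    legacy: cipher.startsWith("RC4"), // the schemes the list above says to avoid
    permissions: p ? decodePermissions(parseInt(p[1], 10)) : null,
  };
}

// Constructed sample: shape of an AES-128 (R=4) dictionary; /O and /U elided.
const SAMPLE = `<< /Filter /Standard /V 4 /R 4 /Length 128 /P -1852
  /CF << /StdCF << /CFM /AESV2 /AuthEvent /DocOpen /Length 16 >> >>
  /StmF /StdCF /StrF /StdCF /O <...> /U <...> >>`;

console.log(auditEncryptDict(SAMPLE));
```

The /P value sits unencrypted in the dictionary and only tells a reader what to allow, which is why a reader that does not check it is not stopped by it.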
What about owner vs user passwords?
PDF supports two:
- User password: required to open the file at all.
- Owner password: required to change permissions / remove protection.
Most tools (including ours) default to making them the same. That’s almost always what you want. Two separate passwords is a niche feature for corporate workflows where one person locks the PDF and another opens it.
A practical password strategy
A passphrase made of four random words beats a “complex” 8-character password by a wide margin. “correct-horse-battery-staple” is much stronger than “P@ssw0rd!”. Length matters more than character variety.
A few sources for good passphrases:
- Diceware — rolls dice, picks words from a list. The original passphrase method.
- A password manager’s generator — 1Password, Bitwarden, etc. all generate passphrases. Use 4–5 words minimum.
Treat your PDF password like a “lost forever” risk. If you forget it, there is no backdoor. The encryption is the encryption.
Removing protection (when you have the password)
If you’ve lost the password, there’s no help available short of brute force, and against a strong passphrase modern AES is brute-force-proof in any practical sense.
If you have the password and just want to remove the protection (e.g., to merge or edit the file), use Unlock PDF. It supports every encryption version PDF has ever produced (RC4-40/128, AES-128, AES-256) — as long as you have the password, you get an unprotected copy back.
Privacy
Both Protect PDF and Unlock PDF run entirely in your browser. Your password is held in memory only for the operation and never leaves your device. Same for the file.
This matters more than you might think. The whole point of password-protecting a PDF is that the unencrypted content is sensitive. Uploading that unencrypted content to a server “just to add a password” is missing the plot. Doing it locally is the only sane default.