How to Password-Protect a PDF (and What Encryption Actually Protects)
July 4, 2026 · 9 min read
To password-protect a PDF properly, set an open password (also called a user password). That's the one backed by real AES-256 encryption: without it, the file's contents are scrambled bytes that no tool can read. Any decent PDF app – Adobe Acrobat, macOS Preview, Chrome, or a browser-based tool – can add one in a few seconds.
But the PDF format actually supports two separate passwords, and only one of them encrypts anything. The other – the permissions or owner password – just sets flags asking readers not to print or copy. Well-behaved apps honor those flags. Plenty of free tools strip them in one click. If you rely on the wrong one, you'll think a document is locked when it's wide open.
This guide explains the two password types, what AES-256 encryption genuinely protects (and what it doesn't), how to choose a password that isn't the weak link, and how to remove a password from a file you own. None of it is legal advice – it's how the technology behaves.
The two passwords a PDF can hold
The PDF specification defines two distinct passwords, and confusing them is the single most common mistake people make when they think they've secured a document.
The open password (the spec calls it the user password) is required to open and view the file. Enter it wrong and the reader shows nothing but an error – because the page content, images, and text streams are all encrypted. This is the one that matters.
The permissions password (the owner password) does something completely different. It doesn't gate opening the file at all. It sets a handful of permission flags – can this person print, copy text, edit, fill forms, add annotations – and it's the password you'd need to change those settings later. If a PDF has only an owner password and no user password, anyone can open and read it instantly. The 'protection' is entirely a request that the reader chooses to honor.
You can set one, the other, or both. For actual confidentiality, you need the open password. For controlling what a recipient does after they've opened it, you add the permissions password on top – knowing full well those restrictions are soft.
| | Open / user password | Permissions / owner password |
|---|---|---|
| Needed to open the file? | Yes | No |
| Encrypts the content? | Yes – AES-256 | No – content stays readable |
| What it controls | Viewing the document at all | Print, copy, edit, annotate flags |
| How hard to bypass | Requires breaking the encryption | One click in many free tools |
| Use it for | Confidential documents | Polite restrictions, not real security |
What AES-256 encryption actually protects
When you set an open password, a modern tool encrypts the PDF with AES-256 – the strongest option in the PDF spec, formally version 5, revision 6 (V5/R6), standardized in PDF 2.0. Under the hood, the file gets a random 256-bit encryption key, and that key is itself locked with a value derived from your password. No password, no key; no key, no readable content.
This is genuinely strong. AES-256 is the same cipher family used to protect classified data and banking traffic. Nobody is brute-forcing the cipher itself. That means AES-256 protects you against exactly one thing extremely well: someone who has the file but not the password cannot read its contents. A stolen laptop, a misdirected email, a leaked cloud backup – the document stays opaque.
What it does not protect against is just as important. Once someone has both the file and the password, encryption is done doing its job – they can open it, screenshot every page, print it, and re-share it freely. Encryption controls access to the file, not what a legitimate viewer does afterward. It also does nothing if your password is weak, because attackers don't attack the cipher – they guess the password.
One more caveat worth knowing: not every 'password-protected' PDF uses AES-256. Older files used RC4 at 128 bits or AES-128, and some very old ones used 40-bit RC4 that's broken in seconds today. If you're the one adding protection, confirm your tool uses AES-256; if you're receiving a 'secure' PDF, its real strength depends on how it was made.
Why permissions-only protection is weak
Here's the scenario that trips people up. You open a PDF tool, leave the open-password field blank, set only a permissions password, and check the boxes for 'no printing' and 'no copying.' You download the file feeling like it's locked. It isn't.
Because there's no open password, the file is technically encrypted only with a blank user password, so every reader derives the key and opens it instantly – nothing is actually kept secret. The permission flags are stored in plain view inside the file's encryption dictionary, and they're honored purely on the honor system. Adobe Acrobat and Preview will gray out the print button. But a great many PDF utilities – including free browser tools – simply rewrite the file without those flags, and the restrictions vanish. There's no cracking involved; the data was always accessible.
So permissions-only protection is fine for what it is: a way to signal intent to cooperative software and cooperative people. 'Please don't edit the numbers in this invoice.' It is not security. If a document genuinely must not be printed or copied by a determined recipient, a PDF password cannot deliver that – no PDF tool can, because the recipient's own screen and printer are outside the file's control. That's a job for a dedicated rights-management system, and even those have limits.
The honest rule: use the permissions password as a speed bump and a statement of intent. Use the open password when you actually need the contents kept secret.
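Both the cipher choice and the permission flags can be read straight from the encryption dictionary without any password, which is why the flags on their own keep nothing secret and why the cipher a tool used is easy to confirm. The Python sketch below is an added example, not code from this article or from any PDF tool; it assumes the encryption dictionary is stored as an indirect object with hex-string /O and /U values, and the sample bytes are constructed.

```python
import re

# Permission bits in /P for the standard security handler (1-based bit numbers).
PERMISSION_BITS = {3: "print", 4: "modify", 5: "copy/extract",
                   6: "annotate", 9: "fill forms", 11: "assemble"}

def _int(key, body, default):  # integer entry such as /V 5 or /P -24
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", body)
    return int(m.group(1)) if m else default

def find_encrypt_object(pdf_bytes):
    """Return the body of the object holding /Filter /Standard, or None."""
    for m in re.finditer(rb"\d+\s+\d+\s+obj(.*?)endobj", pdf_bytes, re.S):
        if re.search(rb"/Filter\s*/Standard", m.group(1)):
            return m.group(1)
    return None

def cipher_name(body):
    """Map /V, /R and the crypt filter method (/CFM) to the cipher in use."""
    v, r = _int(b"V", body, 0), _int(b"R", body, 0)
    m = re.search(rb"/CFM\s*/(\w+)", body)
    cfm = m.group(1).decode() if m else None
    if v == 5 and cfm == "AESV3":
        return f"AES-256 (R{r})"
    if v == 4 and cfm in ("AESV2", "V2"):
        return "AES-128" if cfm == "AESV2" else "RC4-128"
    if v == 2:
        return f"RC4-{_int(b'Length', body, 40)}"
    return "RC4-40" if v == 1 else "unknown"

def audit(pdf_bytes):
    """Report cipher strength and denied permissions; no password is needed."""
    body = find_encrypt_object(pdf_bytes)
    if body is None:
        return {"encrypted": False}
    p = _int(b"P", body, -1) & 0xFFFFFFFF  # /P is a signed 32-bit integer
    denied = [n for bit, n in PERMISSION_BITS.items() if not (p >> (bit - 1)) & 1]
    cipher = cipher_name(body)
    return {"encrypted": True, "cipher": cipher,
            "aes256_r6": cipher == "AES-256 (R6)", "denied": denied}

# Constructed samples (not real files): /O and /U are shortened placeholders.
MODERN = (b"%PDF-2.0\n7 0 obj\n<< /Filter /Standard /V 5 /R 6 /Length 256 /P -24\n"
          b"/CF << /StdCF << /CFM /AESV3 /AuthEvent /DocOpen /Length 32 >> >>\n"
          b"/StmF /StdCF /StrF /StdCF /O <00> /U <00> >>\nendobj\n")
LEGACY = b"%PDF-1.3\n5 0 obj\n<< /Filter /Standard /V 1 /R 2 /P -4 /O <00> /U <00> >>\nendobj\n"

if __name__ == "__main__":
    print(audit(MODERN), audit(LEGACY), sep="\n")
```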
How to add a password to a PDF, step by step
The mechanics are the same whether you use Acrobat, Preview, or a browser-based tool. What matters is choosing the open password when confidentiality is the goal.
A privacy note on tooling: many 'online' PDF tools upload your file to a server to do the encryption, which means your document – and sometimes your password – leaves your machine. A better pattern is a tool that runs the encryption in your browser via WebAssembly (qpdf compiled to WASM does exactly this), so the password never travels and the plaintext file isn't sitting on someone else's server. If you're protecting something sensitive, that distinction is the whole point.
- Open the PDF in your tool and choose the protect or encrypt option.
- Set the open (user) password – this is the one that encrypts the file. Choose a strong one (next section).
- Optionally add a separate permissions (owner) password if you also want to set print/copy flags. Make it different from the open password.
- Confirm the tool uses AES-256, not legacy RC4 or 40-bit encryption.
- Apply, download, and then test: reopen the file and confirm it prompts for the password. Delete the original unprotected copy if it's meant to stay confidential.
- Store the password somewhere you won't lose it – a password manager, not a sticky note on the file itself.
Choosing a password the attacker can't guess
Because AES-256 is unbreakable in practice, the password becomes the entire attack surface. Attackers run automated guessing – dictionary words, leaked-password lists, keyboard patterns, and brute force over short strings. Your only defense is a password that's expensive to guess.
Length beats complexity. A random four-word passphrase like correct-battery-harbor-lentil is far stronger and far easier to remember than P@ss1! – the passphrase has vastly more possible combinations, and there's no dictionary attack that catches a random word combination. Aim for at least 12–16 characters, or four-plus unrelated words.
Don't reuse a password you use elsewhere, and don't base it on anything guessable about you or the document (the client's name, the year, 'invoice2026'). If the file will outlive your memory, generate a random password and store it in a password manager – that's genuinely the best practice, not a shortcut.
And think about the delivery channel. Emailing the encrypted PDF and the password in the same message defeats the purpose entirely – anyone reading the inbox gets both. Send the password by a separate channel: a text message, a phone call, a different app.
How to remove a password from a PDF you own
If you have a PDF you can open – because you know the password – you can produce an unencrypted copy. This is legitimate and common: you protected a file for transit, and now you want a clean version for your own archive, or you need to merge or edit it.
The process is straightforward: open the file with the correct password, then choose the tool's remove-password or decrypt option and save. What comes out is an ordinary, unencrypted PDF. The same browser-based approach applies here – decryption can run locally so the password never leaves your device.
Be clear about the boundary. Removing a password requires knowing the password. There is no legitimate tool that strips an open password you don't have – if the encryption is AES-256, nobody can, which is the whole point. 'PDF password recovery' tools only work by guessing, and against a strong password they simply fail. So the honest answer to 'how do I unlock a PDF I've lost the password to' is usually: you can't, unless the password was weak enough to guess.
Removing a permissions-only password (no open password) is a different story – that's the trivial one-click case described earlier, precisely because there was never an open password sealing the content.
Frequently Asked Questions
The open (user) password is required to view the file and is backed by real AES-256 encryption – without it, the contents are unreadable. The permissions (owner) password doesn't gate opening at all; it only sets flags for printing, copying, and editing, and those flags are honored voluntarily by readers. For actual secrecy you want the open password.
No. If there's no open password, the file opens for anyone immediately (it's encrypted only with a blank user password), so the contents aren't actually secret. The print and copy restrictions are just requests that cooperative software honors, and many free tools strip them in one click. Treat permissions-only protection as a polite speed bump, not security.
Not by attacking the encryption – AES-256 is effectively unbreakable with current technology. The realistic attack is guessing the password: dictionary words, leaked-password lists, and brute force on short strings. A long, random passphrase makes that infeasible; a weak or reused password makes the strong encryption pointless.
If it has an open password protecting encrypted content, you generally can't – that's exactly what AES-256 guarantees. Recovery tools only work by guessing, and they fail against a strong password. If the file only had a permissions password (it opens without prompting), removing the restrictions is trivial since there was no open password sealing the content.
Not reliably. Encryption controls whether someone can open the file at all. Once they're in – with the correct password – they can screenshot, print, or re-share the content, and permission flags can be stripped by many tools. No PDF password can truly prevent a legitimate viewer from copying what's on their own screen.
It depends on where the encryption happens. Many online tools upload your file (and sometimes your password) to a server. Prefer a tool that runs the encryption in your browser via WebAssembly, so the plaintext file and password never leave your device. Also confirm it uses AES-256 rather than legacy RC4.