PDF passwords encrypt your document so only authorised recipients can open it. This guide covers how PDF encryption works, the two types of PDF passwords, and when each is appropriate.
PDF password protection encrypts your document using cryptographic algorithms, making it unreadable to anyone who doesn't have the password. It's one of the most practical ways to share sensitive documents digitally — keeping payslips, contracts, medical records, and confidential reports accessible only to their intended recipients.
This guide explains how PDF encryption works, the difference between the two types of PDF passwords, how to choose a strong password, and what happens when you forget one.
When you add a password to a PDF, the file's content is encrypted using an algorithm (typically AES-128 or AES-256). The password you set is used as part of the encryption key derivation process. Without the correct password, the encrypted file is computationally infeasible to read — modern AES-256 encryption is considered secure against brute-force attacks for the foreseeable future, assuming a reasonably strong password.
What this means practically: anyone who receives the password-protected PDF will see only a password prompt when they try to open it. The content is scrambled at the binary level — not just hidden, but genuinely unreadable without the key.
An open password (also called a user password) restricts who can open the document at all. Anyone who tries to view the PDF is immediately prompted to enter this password. Without it, they cannot see any part of the document.
When to use it: Use an open password when you're sharing a document with specific individuals and want to prevent anyone who intercepts or stumbles upon the file from reading it. Common examples include payslips shared with employees, personal tax returns, medical records, private contracts, and anything containing personal identifiable information (PII).
A permissions password (also called an owner password) doesn't prevent the document from being opened — it restricts what the reader can do with it. The document owner can restrict printing, copying text, editing, and filling in forms. Anyone can read the PDF, but only someone with the permissions password can change or remove those restrictions.
When to use it: Use a permissions password when you want to share a document widely but prevent it from being easily modified, copied, or printed. Common examples include published reports, instructional materials, and commercial documents where you want to control distribution without preventing people from reading.
Important: For genuinely sensitive documents, always use an open password, not just a permissions password. A permissions-only PDF is readable by anyone who opens it — the restrictions only prevent certain actions. If you need to restrict who can read the document, you need an open password.
The strength of PDF encryption depends heavily on your password. AES-256 encryption is mathematically secure, but a weak password can be cracked by an attacker who tries common words and phrases (a dictionary attack). To protect against this:
When sharing a password-protected PDF, never send the password in the same email as the file. Use a separate channel — a text message, phone call, or messaging app — to share the password. This ensures that even if someone intercepts the email, they still can't open the file.
If you receive a password-protected PDF and have the password, you can permanently remove the protection using PDFusion's Unlock PDF tool. This decrypts the document and saves a new copy without any password requirement — useful when you want to edit or merge a protected PDF with other documents.
Without the password, removing protection from a PDF is not straightforward. There are commercial PDF cracking tools, but they rely on brute-force password guessing, which becomes computationally infeasible for strong passwords.
PDFusion uses AES-256 encryption, the same standard used by governments and financial institutions. It's considered computationally secure against brute-force attack for the foreseeable future, provided a strong password is used.
If you forget the password to a PDF you encrypted, there is no backdoor or recovery mechanism. The encryption is genuine. Your only options are to try password variations you might have used, use a commercial PDF password recovery tool (which works by trying many password combinations), or accept that the document is inaccessible. Always store important passwords in a password manager.
Yes. Applying a password to a signed PDF doesn't invalidate the signature — it just encrypts the file. The signature remains embedded and verifiable by anyone who opens the document with the correct password.
Yes. AES-256 PDF encryption is part of the PDF standard and is supported by all major PDF readers including Adobe Acrobat, Apple Preview, Foxit, and PDF viewers built into web browsers.
No. Your PDF and password are processed in server memory only. The encrypted output is delivered directly to your browser and then discarded. PDFusion never stores, logs, or retains your documents or passwords.
AES-256 encryption, free, instant, and private.
See also: Unlock PDF · Redact PDF · All PDF Guides
Free, private and ad-supported. A coffee keeps it running.