Key Takeaways
- •Two password types — Open passwords block access entirely; permission passwords allow viewing but restrict actions.
- •AES-128 encryption — Industry-standard security used by governments and financial institutions.
- •Permission controls — Prevent printing, copying, or modifying while still allowing the document to be viewed.
- •Universal compatibility — Protected PDFs work in Adobe Reader, Preview, Chrome, and all standard PDF viewers.
- •100% local — Encryption happens in your browser. Your documents and passwords never leave your device.
Quick Answer
Add Password encrypts your PDF with AES-128 security. You can require a password to open the document, restrict actions like printing and copying, or both. The encryption happens entirely in your browser—your files and passwords never touch a server.
The Two Types of PDF Passwords (Most People Get This Wrong)
Here's something that confuses almost everyone who password-protects a PDF for the first time:
There are two completely different types of PDF passwords.
They look similar when you set them up, but they do very different things. Using the wrong one—or not understanding the difference—can leave your document less protected than you think.
| Feature | Open Password | Permission Password |
|---|---|---|
| Also called | User password, document open password | Owner password, master password |
| What it does | Blocks opening the document entirely | Allows opening, restricts actions |
| Without password | Can't view anything | Can view, but can't print/copy/edit |
| Strength | Strong — full encryption | Moderate — can be bypassed |
| Best for | Confidential documents | Distribution control |
Let's break down exactly how each one works.
Open Password: The Digital Lock
Open Password (User Password)
When you set an open password, the entire document is encrypted. Anyone who tries to open the PDF without the password sees nothing—just a password prompt. The content is cryptographically scrambled until the correct password is entered.
- Encrypts the document content using AES-128
- No viewing, no previewing, no access without the password
- Cannot be bypassed by normal means
- Password must be shared with anyone who needs access
Use Open Password When...
- The content itself is confidential: Financial statements, medical records, legal documents
- You're sharing sensitive information: Tax returns, contracts, personal data
- The document shouldn't be seen by unauthorized people: Even a glimpse would be a problem
- You're sending via insecure channels: Email, cloud storage, shared drives
Example: Sending Tax Documents to Your Accountant
You need to email your W-2 and bank statements. Set an open password on the PDF, send the document via email, then share the password separately (text message, phone call). Even if the email is intercepted, the documents are unreadable without the password.
Permission Password: The Usage Restrictor
Permission Password (Owner Password)
A permission password lets anyone open and view the document, but restricts what they can do with it. You can prevent printing, copying text, or modifying the document—all without requiring a password to view.
- Document opens normally without a password prompt
- Printing, copying, and editing are blocked
- The owner password is needed to change or remove restrictions
- Recipients can read but not repurpose the content
What Can You Restrict?
| Permission | When Blocked | Common Use |
|---|---|---|
| Printing | Document can't be sent to a printer | Preventing unauthorized physical copies |
| Copying text | Select + copy doesn't work | Protecting proprietary content |
| Modifying | Can't edit, add pages, or fill forms | Preserving document integrity |
| Extracting pages | Can't pull individual pages out | Keeping documents intact |
Important: Permission Passwords Can Be Bypassed
Permission restrictions rely on PDF readers honoring them. Most legitimate software (Adobe Reader, Preview) does, but specialized tools exist that ignore these restrictions. Permission passwords are deterrents, not security. They stop casual copying, not determined attackers.
Use Permission Password When...
- You want easy viewing but controlled distribution: Reports, presentations, published content
- Preventing casual copying is enough: Not worried about sophisticated bypass attempts
- You can't share passwords with recipients: Public documents, website downloads
- The content isn't truly confidential: It's okay if someone sees it, just don't want easy copying
Which Password Type Should You Use?
Here's a simple decision framework:
| Your Situation | Recommended Approach |
|---|---|
| Document contains sensitive personal/financial data | Open password — encryption is essential |
| Sharing with specific trusted recipients | Open password — share password separately |
| Publishing for public/wide distribution | Permission password — can't share passwords with everyone |
| Want to discourage (not prevent) copying | Permission password — stops casual misuse |
| Maximum security for confidential content | Both — open password + permission restrictions |
| Internal documents, compliance records | Open password — audit trail matters |
Best practice: When in doubt, use an open password. It provides actual encryption. Permission passwords are useful additions but shouldn't be your only protection for anything truly sensitive.
Understanding AES-128 Encryption
When you add a password, PDFOutfit encrypts your document using AES-128. Here's what that means in plain terms.
Encryption Standard
Advanced Encryption Standard with 128-bit keys. The same encryption used by governments, banks, and security-conscious organizations worldwide. With a strong password, breaking this encryption by brute force would take longer than the age of the universe.
How It Works
Your password is converted into a cryptographic key. That key is used to scramble the document content into unreadable data. Without the correct password (which regenerates the correct key), the scrambled data cannot be unscrambled. The math is one-way—there's no “backdoor” to bypass it.
AES-128 vs. AES-256
You might see some tools offer AES-256. The difference:
Quick Comparison
- AES-128: 2^128 possible keys (340 undecillion combinations)
- AES-256: 2^256 possible keys (even more combinations)
- Practical difference: Both are effectively unbreakable with strong passwords
- PDF standard: AES-128 is the most widely supported encryption level
For all practical purposes, AES-128 with a strong password provides more than enough security. The weak point is never the encryption algorithm—it's weak passwords.
Creating Strong Passwords
The encryption is only as good as your password. Here's how to create one that actually protects your document.
Weak Passwords (Don't Use These)
password,123456,qwerty- Single words from the dictionary
- Personal info: birthdays, names, addresses
- Anything under 8 characters
- The same password you use everywhere else
Strong Passwords (Use These Patterns)
- Passphrase:
correct-horse-battery-staple(4+ random words) - Mixed characters:
Tr0ub4dor&3#blue(letters, numbers, symbols) - Length over complexity: 16+ characters beats complicated-but-short
- Unique per document: Different password for each sensitive file
Password sharing tip: Never send the password in the same channel as the document. If you email the PDF, send the password via text message, phone call, or a secure messaging app. This way, intercepting just the email doesn't give an attacker everything they need.
Your Passwords Stay Private
PDFOutfit encrypts documents entirely in your browser. Your password is never transmitted anywhere—it's used locally to generate the encryption key, then discarded. We can't recover your password because we never see it.
- No server processing — Encryption happens on your device
- No password storage — We never see or store your password
- No recovery option — If you lose the password, we can't help (by design)
- No data transmission — Your document never leaves your computer
Common Scenarios
📊 Financial Documents
- Use: Open password (required)
- Share password via phone/text
- Consider adding print restrictions
- Keep unencrypted backup locally
📋 Contracts & Legal
- Use: Open password for drafts
- Add permission password for finals
- Block editing to preserve integrity
- Flatten signatures before protecting
🏥 Medical Records
- Use: Open password (mandatory)
- Strong password (16+ characters)
- Never email password with document
- Consider secure portal instead
📚 Published Reports
- Use: Permission password only
- Block copying to protect IP
- Allow printing for readability
- No open password (public access)
💼 HR Documents
- Use: Open password
- Individual password per employee
- Share via HR system or secure call
- Block editing and extraction
🎓 Academic Materials
- Use: Open password for exams
- Permission-only for study guides
- Block copying to prevent cheating
- Time-release via scheduled password share
Important Limitations (What Passwords Can't Do)
Password protection is powerful, but it's not magic. Understanding the limitations helps you use it appropriately.
Limitations to Understand
- Can't stop screenshots: Anyone who can view can screenshot
- Can't prevent photography: Someone can photograph their screen
- Permission passwords can be bypassed: Specialized tools exist
- Lost passwords = locked forever: No recovery option (even for us)
- Doesn't hide that the PDF exists: File name and existence are visible
- Metadata may still be readable: Some info visible without password
When You Need More Than Passwords
For extremely sensitive situations, consider these additional measures:
Additional Security Layers
- Redact sensitive data: Use Redact Text to permanently remove information
- Strip metadata: Use Edit Metadata to remove hidden file information
- Flatten before protecting: Use Flatten PDF to lock signatures/forms
- Watermark for tracking: Use Add Watermark to identify copies
- Secure transfer: Use encrypted file transfer services, not just email
Frequently Asked Questions
Is Add Password free?
Yes. Guest users get 2 free uses per day. Free accounts (email signup, no credit card) get 5 daily. Pro subscribers get unlimited access to all 18 PDF tools.
What encryption does PDFOutfit use?
AES-128, the same encryption standard used by governments and financial institutions. With a strong password, this encryption is effectively unbreakable by brute force methods.
Can I recover a lost password?
No. PDFOutfit never sees or stores your password—encryption happens entirely in your browser. If you lose the password, there's no way to recover it. This is by design for your security. Always keep a backup of important passwords.
Is my file sent to a server for encryption?
No. All encryption happens locally in your browser using WebAssembly technology. Your document and password never leave your device. We can't see what you're encrypting because the data never reaches us.
Will the protected PDF work in all PDF readers?
Yes. AES-128 encrypted PDFs are supported by all major PDF readers including Adobe Acrobat, Adobe Reader, Apple Preview, Chrome's built-in viewer, Firefox, and mobile PDF apps. The password prompt will appear automatically.
What's the difference between open and permission passwords?
An open password encrypts the document—no one can view it without the password. A permission password allows viewing but restricts actions like printing, copying, and editing. You can use one or both depending on your needs.
Can permission restrictions be bypassed?
Technically, yes. Permission restrictions rely on PDF readers honoring them, and specialized tools exist that ignore these restrictions. Use permission passwords to deter casual copying, not as security against determined attackers. For true confidentiality, use an open password.
How do I remove a password from a PDF?
You'll need the original password. Open the protected PDF with the password, then save/export it without password protection. If you've lost the password to a document you own, there's unfortunately no legitimate way to remove the encryption.
Can I protect multiple PDFs at once?
Currently, Add Password processes one document at a time. For bulk encryption, you'd need to protect each file individually. This ensures you can set appropriate passwords for each document's sensitivity level.