James Wright
PDF & Document Specialist
PDF Security Guide: Passwords, Permissions, and Redaction
A comprehensive guide to protecting sensitive information in PDF files using encryption and redaction.
"Securing" a PDF can mean several different things, and confusing them is a common — and dangerous — mistake. This guide explains the three pillars: passwords, permissions, and redaction.
Two kinds of password
A user (open) password is required to open and read the document. An owner (permissions) password leaves the file readable but restricts actions such as printing or copying. A PDF can use either or both.
Encryption strength
Older PDFs used weak 40- or 128-bit RC4 encryption that is trivial to break today. Always choose AES-256 when protecting sensitive material.
Permission flags
- Printing (and high-resolution printing)
- Copying text and graphics
- Editing content and annotations
- Filling form fields
Note that permission flags are honoured by well-behaved readers but are not a strong security boundary on their own, so combine them with a user (open) password.
Redaction is not hiding
Drawing a black box over text, or changing the font colour to white, leaves the original text in the file — anyone can copy it out. True redaction permanently removes the underlying content. Always use a dedicated redaction tool, then verify by trying to select the area.
Add a password with Protect PDF, or permanently remove content with Redact PDF.