James Wright

PDF & Document Specialist

PDF Security Guide: Passwords, Permissions, and Redaction

A comprehensive guide to protecting sensitive information in PDF files using encryption and redaction.

"Securing" a PDF can mean several different things, and confusing them is a common — and dangerous — mistake. This guide explains the three pillars: passwords, permissions, and redaction.

Two kinds of password

A user (open) password is required to open and read the document. An owner (permissions) password leaves the file readable but restricts actions such as printing or copying. A PDF can use either or both.

Encryption strength

Older PDFs used weak 40- or 128-bit RC4 encryption that is trivial to break today. Always choose AES-256 when protecting sensitive material.

Permission flags

  • Printing (and high-resolution printing)
  • Copying text and graphics
  • Editing content and annotations
  • Filling form fields

Note that permission flags are honoured by well-behaved readers but are not a strong security boundary on their own — combine them with a password.
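To check what an existing file actually uses, the sketch below reads a PDF's /Encrypt dictionary and reports the cipher and the permission flags covered in the two sections above. It is an added example, not code from this guide or from any PDF tool. It assumes the dictionary has already been extracted as raw bytes, reads it with regular expressions rather than a full PDF parser, and uses constructed sample dictionaries; the function name `audit_encrypt_dict` is hypothetical.

```python
import re

# Bit positions (1-based) of the /P permission flags in the standard security handler.
PERMISSION_BITS = {3: "print", 4: "edit content", 5: "copy text and graphics",
                   6: "edit annotations", 9: "fill form fields",
                   12: "high-resolution print"}

def audit_encrypt_dict(raw: bytes) -> dict:
    """Summarise cipher strength and permission flags of an /Encrypt dictionary."""
    def number(key: bytes):
        m = re.search(rb"/" + key + rb"\s+(-?\d+)", raw)
        return int(m.group(1)) if m else None

    v, length, p = number(b"V"), number(b"Length"), number(b"P")
    if v == 5:
        cipher = "AES-256"
    elif v == 4:
        # V4 names the cipher in a crypt filter: /AESV2 is AES-128, /V2 is RC4.
        cfm = re.search(rb"/CFM\s*/(\w+)", raw)
        name = cfm.group(1) if cfm else b""
        cipher = {b"AESV2": "AES-128", b"V2": "RC4"}.get(name, "unknown")
    elif v in (1, 2, 3):
        # V1 is always 40-bit RC4; V2/V3 take the key size from /Length (default 40).
        cipher = f"RC4-{40 if v == 1 else (length or 40)}"
    else:
        cipher = "unknown"

    # /P is a signed 32-bit integer; a set bit means the action is allowed.
    bits = (p or 0) & 0xFFFFFFFF
    allowed = [name for bit, name in PERMISSION_BITS.items() if bits >> (bit - 1) & 1]
    denied = [name for name in PERMISSION_BITS.values() if name not in allowed]
    return {"cipher": cipher, "meets_guide": cipher == "AES-256",
            "allowed": allowed, "denied": denied}

# Constructed sample dictionaries (the /O and /U password entries are omitted).
LEGACY = b"<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904 >>"
MODERN = (b"<< /Filter /Standard /V 5 /R 6 /Length 256 "
          b"/CF << /StdCF << /CFM /AESV3 /AuthEvent /DocOpen /Length 32 >> >> "
          b"/StmF /StdCF /StrF /StdCF /P -1852 >>")

if __name__ == "__main__":
    for label, sample in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit_encrypt_dict(sample))
```
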

Redaction is not hiding

Drawing a black box over text, or changing the font colour to white, leaves the original text in the file — anyone can copy it out. True redaction permanently removes the underlying content. Always use a dedicated redaction tool, then verify by trying to select the area.

Add a password with Protect PDF, or permanently remove content with Redact PDF.

Frequently asked questions

Is a black box over text the same as redaction?

No. A black box leaves the underlying text in the file, where it can be copied out. True redaction permanently removes the content.

Which encryption strength should I choose?

Use AES-256. Older 40-bit and 128-bit RC4 encryption is weak and can be broken quickly.