PDF passwords are one of the most misunderstood security features in everyday use — useful for the right situation, but frequently applied in situations where they don't actually do what people expect.
1. There are two different passwords
An open password is required just to view the file at all. A permissions password allows viewing but restricts actions like printing, copying text, or editing — and it's far weaker, since most PDF readers apply these restrictions client-side rather than enforcing them cryptographically.
2. It protects the file, not the channel
A password-protected PDF sent over an unencrypted email is still exposed in other ways — the subject line, sender, recipient, and the fact that a file was sent at all remain fully visible. The password only protects the content once someone has the file.
3. Weak passwords defeat the purpose
A short, guessable password on a PDF is not meaningfully more secure than no password, given how fast modern hardware can attempt combinations. Treat a PDF password with the same care as any other account password.
4. Forgotten passwords usually mean starting over
If you set an open password and forget it, there's no reliable "recover" option for well-implemented encryption — the honest answer is that the content is inaccessible unless you have the original unprotected source file.
5. Removing a password you do know is straightforward
If you have the correct password, unlocking the file to remove protection — for example, before merging it with other files — is a single-step process, not something that requires the original creator's tool.
6. Permissions restrictions are easy to bypass
Someone determined to copy "uncopyable" text from a permissions-restricted PDF usually can, through screenshots or OCR. Use permission restrictions as a soft deterrent, not a security guarantee.
7. Encryption strength varies
Modern PDF encryption standards are strong when implemented correctly, but very old PDFs may use outdated, weaker encryption. If security genuinely matters, re-save older protected files with current tools rather than assuming decades-old protection still holds up.