Password Protection vs Permission Restrictions: PDF Security Explained
Encrypting a PDF and disabling printing are two different things. Here's what each actually protects against and how to use them right.
Password Protection vs Permission Restrictions: PDF Security Explained
When you protect a PDF, you have two separate dials: passwords and permission restrictions. They look similar but protect against different things.
Password protection: real security
Password protection encrypts the content. Without the password, the file is mathematically scrambled. AES-256 (the standard used by SwitchPDF Protect PDF and modern Acrobat) is the same encryption used by banks. Brute-forcing a 12-character random password would take longer than the age of the universe with current computers.
Protects against: Someone obtaining the file without the password — they cannot view, print, copy, or edit.
Does NOT protect against: Someone with both file and password. Screen capture. A trusted recipient sharing the password.
Permission restrictions: a polite request
Permission restrictions are flags that tell the viewer "don't let the user print this." When a compliant viewer (Adobe Reader, Preview, Chrome) opens the PDF, it disables the corresponding UI.
The key word is compliant. The spec asks viewers to respect these flags but has no way to enforce them. Specialized tools (and some everyday CLI utilities) ignore them by design.
Protects against: Casual viewers who would use Print/Copy if available.
Does NOT protect against: Anyone with a tool that ignores the flags. Anyone who screen-captures.
When you'd use each
Password protect when: Content is sensitive. Emailing through untrusted gateway. Archiving private records.
Restrict permissions when: Content isn't deeply sensitive but you want to discourage casual copying. Sharing draft work with a soft "no reuse" signal.
Use both when: Sensitive content AND you want to make it harder for authorized viewers to redistribute.
The most common mistake
Opening a document, ticking "no copy" and "no print" without setting a password, and thinking the document is protected. It isn't. Content is still readable; only the Print/Copy UI is disabled. Anyone with a different viewer can extract everything.
If your goal is to keep content out of the wrong hands, use a password.
Choosing a strong password
- Bad: "password," "1234," your birthday, "company2026"
- Decent: A passphrase of 4–5 random words ("correct horse battery staple")
- Strong: 12+ random characters from a password manager
Send the password through a different channel than the document itself.
Removing protection
If you have the password: SwitchPDF Unlock PDF. If you've forgotten it: no online tool can recover an AES-256 password. Anyone claiming otherwise is selling fake recovery for cheap encryption (no longer used) or scamming you.
Bottom line
- Password = encryption = real security
- Restrictions = polite request, trivially bypassed
- For sensitive content, password protect first. Restrictions are an extra layer, not a substitute.
Related articles
Online PDF Tools vs Desktop Software: Which Should You Use?
Adobe Acrobat costs $15+/month, free online tools are free. The real trade-off is more nuanced than price. Here's when each one is the right choice.
Markdown to Word: A Developer's Guide to Sharing Docs With Non-Developers
You write everything in Markdown. Your clients want Word docs. Here's how to bridge the gap cleanly with the right tools and a few formatting tricks.
Merge, Combine, Batch: Picking the Right PDF Operation
These three words get used interchangeably but mean different things in practice. Here's when each one is the right tool for the job.