Skip to content

Protect PDF with Password

Add a password to a PDF in your browser. The encryption happens locally — the password never touches a server.

In your browseryour files never leave your device.

Learn more

Required to open the PDF.

If set, this password is required to change permissions (print, copy, edit). Leave blank to use the open password for both.

Permissions

What the document is allowed to do once unlocked with the open password.

Encrypted with AES-128, the PDF standard. Your password and PDF never leave your browser — encryption happens 100% locally.

About this tool

Password-protecting a PDF used to mean buying Acrobat or trusting a random web upload with your sensitive document and password in plaintext. This page handles it locally: you drop in a PDF, type a password (twice for confirmation), and the page encrypts the file in your browser using pdf-lib's encrypt() method. The encrypted output prompts for the password in any PDF reader — Preview, Adobe Reader, Chrome, Edge, mobile apps. The password is never sent over the network and never stored anywhere. If you forget it, the file is gone — there is no recovery, by cryptographic design. Save the password somewhere safe (a password manager, an encrypted note) before you close the tab. The how-to below covers the basic flow and the FAQ answers what happens to the recipient's experience, why old PDF readers might struggle, and what the tool deliberately does not do.

How to protect pdf with password

  1. Drop in your PDF

    Single file. The page accepts any standard PDF including ones with content forms, hyperlinks, or embedded images.

  2. Type a password (twice)

    At least 4 characters. Save it somewhere you will not lose it — there is no recovery option built into PDF encryption.

  3. Click Protect

    Encryption runs locally via pdf-lib. A 50-page PDF takes about 2-3 seconds to encrypt on a modern laptop.

  4. Download the protected file

    Opening it in any reader will now prompt for the password. Test it once before sending so you know the protection took correctly.

Why use this tool

You are emailing a signed NDA to someone and the contents are sensitive — putting a password on the file means an intercepted email or a misdelivered attachment cannot be read by accident. You are sharing tax documents with your accountant over a channel you do not fully trust (email, WhatsApp, Slack, a portal that does not have proper access controls). You are sending a payslip, a P60, or an HMRC letter and want the recipient to verify identity (knowledge of the password) before opening it. You are publishing a draft report to a small group and want to keep it off the open internet by making it useless to anyone who happens to find a copy. You are archiving personal documents (identity, financial, medical) to cloud storage and want a second layer of protection in addition to whatever the storage provider does. Encryption is not a substitute for real access control, but for everyday document sharing it raises the bar high enough that casual snooping no longer works.

Features

Browser-side encryption

The password is typed locally, the encryption happens locally in your browser via pdf-lib, and the encrypted PDF is downloaded directly. Open the Network tab to verify nothing related to the password leaves your machine. Most online "protect PDF" tools upload your file and your password in the clear — that is the opposite of what you want when the whole point is protecting a sensitive document.

Standard PDF encryption

pdf-lib uses the standard PDF encryption format. Any modern PDF reader (Preview, Adobe Reader, Chrome, Edge, Firefox, Foxit, mobile apps) will prompt for the password and decrypt correctly. Older readers from before 2017 may not support the latest encryption variants and might prompt to fall back, but that is a tiny minority of installed readers today. The encryption is industry standard, not a custom or proprietary scheme.

Permissions enforced too

The protect action sets standard PDF permission flags: copying disabled, content modification disabled, document assembly disabled, but high-resolution printing allowed and form-filling allowed. So a recipient can open and read the file, fill in any forms, and print, but cannot copy the text out or edit the document. This is the most common permissions profile for shared documents. Adjustable in a future version if there is demand for different combinations.

No size limit and no rate limit

Since the encryption runs in your browser, there is no daily cap, no per-file fee, and no queue. The practical ceiling is browser memory — encrypting a 200MB document takes more RAM than encrypting a 5MB one, but neither is a problem on a modern laptop. Mobile devices can handle PDFs up to about 100MB comfortably before memory becomes the limiting factor.

Privacy & security

This tool runs entirely in your browser. Your files are never uploaded to a server — every step of the process (reading, transforming, downloading) happens on your device using JavaScript and the Web APIs. You can verify this in your browser's network tab: clicking the tool's main action triggers zero requests to our servers. The page itself is served over HTTPS, but once it loads, your data stays put. No accounts, no tracking of file contents, no scanning your inputs.

Frequently asked questions

Is the password sent anywhere?
No. The password is typed into the form, kept in browser memory for the duration of the encryption step, used to compute the encryption key, and discarded when you close the tab. No outgoing network request carries it. You can verify this in the Network tab of your browser's developer tools — there are no POST requests during the encryption step, only the initial page load. The encryption happens in WebAssembly running on your CPU.
What if I forget the password?
The file is unrecoverable. AES with an unknown password is computationally infeasible to break in any practical sense — that is the whole point of the encryption. There is no "reset password" link because that would defeat the security model. Always save the password somewhere safe (password manager, encrypted note, secure document) before you close the tab and especially before you send the file to anyone else. The password is the only way back into the document.
Can the recipient print or copy the protected PDF?
The default permissions allow printing and form-filling but disable copying and modification. So the recipient can read it, print it, and fill in any forms it contains, but they cannot select-copy the text or edit the document content. If you need to lock printing too, that needs a different permissions profile — drop a note in feedback and it will be added as a checkbox option. The current defaults match the most common "share but do not let them mess with it" use case.
What encryption standard is used?
pdf-lib uses the standard PDF security handler. In practice every reader from the last 8+ years handles it fine — Preview on Mac, Adobe Reader, Chrome, Edge, Firefox's built-in pdf.js viewer, mobile apps on iOS and Android. The encryption is symmetric (one password for both reading and modifying), which is the right model for most everyday use cases. Asymmetric encryption with separate read and edit passwords requires a different flow.
Will old PDF readers handle the encrypted file?
Anything from roughly 2017 onward is fine. Older readers (pre-2010 Adobe Reader versions, ancient Mac Preview before macOS 10.7, very old mobile PDF apps) may not support modern encryption and will refuse to open the file or fall back to a downgrade. If you are sending to a recipient with truly archaic software, the encryption is not going to be your only compatibility issue — they probably cannot render modern PDFs reliably anyway.
Can I add different read and edit passwords?
Not in this version. PDF supports separate "user" and "owner" passwords (read vs modify), but currently both use the same password here. Splitting them is on the roadmap because the use case is real: you want recipients to read but not edit, while you yourself have full access to change permissions later. For now, if you need that distinction, use a desktop PDF editor like Acrobat or LibreOffice Draw.
Will protecting a PDF change anything else about it?
File size increases slightly because the encryption header adds some bytes (typically less than 1KB). Visually the document is identical — the same pages, same fonts, same images, same layout. Hyperlinks, bookmarks, and metadata all carry through. The only practical change is that opening the file requires the password. Selectable text remains selectable after decryption (assuming the recipient has the password).
How strong is the password I should pick?
At least 12 characters with a mix of letters, numbers, and symbols if the document is genuinely sensitive. A 4-character password (the minimum the tool accepts) is fine for casual "do not let casual snoopers in" use but is brute-forceable in seconds by anyone determined. The encryption is only as strong as the password. For high-value documents, use a password manager to generate a 16+ character random string and save it there.
Can I re-protect a PDF that is already encrypted?
Not directly in one step. Unlock it first with the PDF unlock tool (you need the existing password), then run it through this tool with the new password. The two-step flow is intentional — chaining encryption operations directly would make the tool more complex and harder to reason about. The unlock tool is in the related-tools list at the bottom of the page.
Does the protection prevent screenshots?
No, and nothing can. Once the recipient has decrypted the file with the password and is reading it on their screen, they can take a screenshot, photograph the screen with another device, or use OCR on the rendered page. PDF encryption protects against unauthorized opening, not against authorized users redistributing what they see. For that you need DRM (Adobe LiveCycle, FileOpen) which is well beyond the scope of a free browser tool.
Can I share a protected PDF over insecure channels?
The encryption holds even on insecure channels — that is the point. An intercepted email or a misdelivered attachment cannot be read without the password. The weak link is how you share the password itself; sending it in the same email as the file defeats the purpose. Use a different channel (a phone call, a different messaging app, a password manager's secure-share feature) for the password. The classic mistake is emailing both together.
Will the protection work if the recipient prints to PDF again?
If they have opened the file with the password, they can re-print it (with permissions set to allow printing — the default here does) and the resulting print-to-PDF will be unencrypted. This is by design — they have already been authorized to read it. PDF encryption is gating access, not preventing copies after access is granted. If you need to prevent re-distribution after a recipient has access, you need DRM and a controlled reader app, neither of which standard PDF supports.
How does PDF encryption compare to ZIP password protection?
PDF encryption (AES) is significantly stronger than the password protection used by classic ZIP files (which used the old ZipCrypto algorithm, breakable in minutes with modern tools). Modern ZIP variants (AES-encrypted .zipx) are roughly equivalent in strength to PDF AES. So if you have a choice between sharing a password-protected PDF or a password-protected classic ZIP containing a regular PDF, the PDF route is more secure end-to-end. For multi-file sharing, AES-encrypted ZIP (via 7-Zip or WinRAR) is reasonable.
Can I protect a PDF that already contains forms or annotations?
Yes. Forms, annotations, hyperlinks, and bookmarks all carry through the encryption — they remain in the document and become usable again once the recipient enters the password. The encryption protects the document content; it does not strip out PDF features. Form filling stays allowed by default permission flags, so a recipient who knows the password can read and fill in your protected form.