PDF files and password protection
Protecting PDF files with passwords is a common practise used by businesses. Large numbers of employees adopt the method of applying passwords to protect their PDF documents. Most people are of the opinion that a password protected PDF file is safe and secure and its contents guarded. This, however, is not necessarily true. Why?
A large number of PDF software applications incorporate password protected functionality in order to secure PDF data. So the question arises, why not make use of it? It is far better to password protect PDF documents than not doing so at all. However, there are a number of factors that actually determine how safe such “PDF protected files” really are.
Firstly, let us presume that the PDF file that has been password protected falls into malicious hands, for example a hacker, who wants to steal the contents within the file. All that the hacker now needs to do is to assess how to gain access to the protected contents within the PDF protected file. How, then, can the unauthorised user break into a secure password-protected PDF document?
A simple search on any major search engine across the Internet will throw up dozens of PDF password hacking software applications as well as password cracking tools for PDF documents. In addition, there are a number of “password recovery” applications and programs that can be used by hackers and malicious individuals to gain unauthorised access to password protected PDF files. Given the kind of password breaking utilities available at hand, anyone can easily break into weak password protected PDF documents.
There are a number of issues concerning password protected PDF documents, and unlawful access to the contents of the document is not just the only complication. Any individual who has gained access to the contents in the password protect PDF files can also edit, remove, alter as well as delete the contents and re-protect it with the original password in a manner that is completely undetectable, thus altering the original password protected PDF file. A solution to this would be to also digitally sign the PDF document so that recipients would know whether it had been altered or not.
If encrypted PDF documents are to be used, one must ensure that the PDF documents are protected with strong encryption. In addition, if passwords must be utilized, strong passwords containing lowercase and uppercase characters, including symbols, spaces and numbers must be employed. And the longer the password you use, the longer it will take to be broken. Do not go for a password that can be easily found in a dictionary since many password crackers use dictionary attacks as one of their many methods to break password protected PDF files. If the PDF document needs to be sent to multiple parties within different organizations, do not employ the same password for all companies. Whilst this still does not stop users sharing the password with others it may help in identifying a leak if the PDF file and its password is uploaded to the Internet.
It has been seen time and time again, in spite of repeated cautionary notes and warnings, businesses continue to use poor passwords, such as a simple word found in a dictionary, and employ the same password across all encrypted PDF files. Most employees claim that this is usually done in order to make it easier for recipients, but in effect the attempt at encrypting the PDF file is nullified.
So PDF password protection is probably only right for your business if the information inside your PDF files is not of any specific value. You cannot prevent users sharing passwords with others and that is the only security backing up the system. The password is only of use if you are sending a protected PDF file to a known recipient who would not want to disclose the PDF contents to anyone else. Restrictions imposed on a PDF document (preventing printing, editing, etc.) can also be easily removed by password cracking tools so it is important to remember this if you are relying on this ‘security’ to protect your PDF documents against misuse.
If you want actual security for your PDF documents then choose a system that does not rely on passwords for its security. Locklizard for example provide PDF security software that protects PDF documents without passwords, and enforces their use wherever they reside. The system automatically locks PDF files to authorized devices so they cannot be shared, controls printing, stops screen grabbing, applies dynamic watermarks, and enables the document owner to expire and revoke content at any time.