Productivity | March 13, 2026

The Ultimate Guide to PDF Security in 2026

PDF security is more nuanced than most people realize. A password on a PDF can mean two completely different things depending on which password was set. Encryption can be 40-bit RC4 (breakable in minutes) or 256-bit AES (effectively unbreakable). A watermarked PDF and an encrypted PDF provide different types of protection for different threats. And a digitally signed PDF is distinct from one with a simple handwritten signature image. Understanding what each security measure actually does — and what it does not do — lets you choose the right protection for each document type. Over-protecting every document is as much a problem as under-protecting: encrypting a public newsletter wastes everyone's time and provides no security benefit. Under-protecting a contract with banking details is a real risk. This guide covers every PDF security mechanism in depth, explains its limitations, and shows you how to implement the right protection for your specific situation.

PDF Password Types: Open Password vs Permissions Password

PDFs support two distinct passwords, and confusing them is the most common PDF security mistake. The open password (also called the user password or document open password) is required to open and view the document. Anyone without this password sees only an encrypted file they cannot read. This is the appropriate protection for confidential documents: financial reports, legal filings, medical records, HR documents. The permissions password (also called the owner password or master password) does not restrict opening the document — anyone can open it without this password. Instead, it restricts what authorized viewers can do: printing, copying text, editing, extracting pages, and adding annotations can each be individually restricted. The permissions password is appropriate when you want a document to be readable by anyone but not printable or copyable — a terms-of-service document, a watermarked preview of a paid report. LazyPDF's protect tool sets both types. You choose which restrictions to apply for the permissions password, or leave it unset and use only an open password.

  1. Open lazy-pdf.com/protect and upload your PDF
  2. Set an open password if the document should only be viewable by specific people
  3. Set a permissions password if the document should be readable but not printable or copyable
  4. Download the protected PDF and communicate the open password through a channel separate from the document

PDF Encryption: Understanding AES vs RC4

Not all PDF encryption is equal. Early PDF versions used RC4 encryption, which is now cryptographically broken and can be defeated with modern tools in seconds. PDFs encrypted with 40-bit RC4 (PDF 1.4 and earlier) are essentially unprotected against a motivated attacker. PDFs with 128-bit RC4 (PDF 1.5–1.6) are more resistant but still vulnerable to modern GPU-based cracking tools given weak passwords. AES-128 encryption (PDF 1.6, compatible with Acrobat 7 and later) and AES-256 encryption (PDF 1.7 extension 3, Acrobat 9 and later) represent the current standard. With a strong password, AES-256 encrypted PDFs are effectively unbreakable with current computing resources. LazyPDF uses AES-128 encryption, which is strong enough for virtually all practical document security needs and compatible with all modern PDF viewers. The distinction matters for genuinely sensitive content where you need the document to remain confidential against a sophisticated attacker.

  1. For general document protection: AES-128 is sufficient — use LazyPDF's protect tool
  2. For highly sensitive content (legal filings, financial disclosures): use Acrobat Pro for AES-256
  3. Always use a strong password: 12+ characters, mixing letters, numbers, and symbols
  4. Never use the same password across multiple documents — if one is compromised, all are vulnerable
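Both the cipher choice discussed in this section and the permission restrictions from the password section are recorded in a PDF's /Encrypt dictionary, so an existing archive can be audited for legacy RC4 files and for the restrictions each file declares. The following Python is an added example, not LazyPDF's code or part of the original article; the sample dictionaries are constructed, and it assumes the raw /Encrypt dictionary bytes have already been located in the file (for instance by a PDF library).

```python
import re

# Permission flags in /P by 1-based bit position (ISO 32000-1, standard security handler).
PERMISSION_BITS = {3: "print", 4: "modify", 5: "copy", 6: "annotate",
                   9: "fill_forms", 11: "assemble", 12: "print_high_quality"}

def _int_entry(d, key, default):
    """Integer value of /key in the raw dictionary bytes, or default if absent."""
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", d)
    return int(m.group(1)) if m else default

def classify_encryption(d):
    """Map /V, /Length and the crypt filter /CFM to (cipher, key_bits, verdict)."""
    v = _int_entry(d, b"V", 0)
    cfm = re.search(rb"/CFM\s*/(\w+)", d)
    method = cfm.group(1).decode() if cfm else None
    if v == 5 and method == "AESV3":
        return ("AES", 256, "current")
    if v == 4 and method == "AESV2":
        return ("AES", 128, "current")
    if v == 1:
        return ("RC4", 40, "legacy: re-encrypt with AES")
    if v == 2:  # key length is stated in bits and defaults to 40
        return ("RC4", _int_entry(d, b"Length", 40), "legacy: re-encrypt with AES")
    if v == 4 and method == "V2":  # RC4 crypt filter; key length not decoded here
        return ("RC4", None, "legacy: re-encrypt with AES")
    return ("unknown", None, "review manually")

def decode_permissions(d):
    """Operations allowed by /P, which is stored as a signed 32-bit integer."""
    p = _int_entry(d, b"P", -1) & 0xFFFFFFFF
    return {name for bit, name in PERMISSION_BITS.items() if p & (1 << (bit - 1))}

# Constructed /Encrypt dictionaries (sample data; /O, /U and /ID omitted).
RC4_40 = b"<< /Filter /Standard /V 1 /R 2 /P -3904 >>"
RC4_128 = b"<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904 >>"
AES_128 = (b"<< /Filter /Standard /V 4 /R 4 /Length 128 /P -1852 "
           b"/CF << /StdCF << /CFM /AESV2 /Length 16 >> >> /StmF /StdCF /StrF /StdCF >>")
AES_256 = (b"<< /Filter /Standard /V 5 /R 6 /Length 256 /P -1 "
           b"/CF << /StdCF << /CFM /AESV3 /Length 32 >> >> /StmF /StdCF /StrF /StdCF >>")

if __name__ == "__main__":
    for name, d in [("RC4_40", RC4_40), ("RC4_128", RC4_128),
                    ("AES_128", AES_128), ("AES_256", AES_256)]:
        print(name, classify_encryption(d), sorted(decode_permissions(d)))
```

Run across a document archive, the verdict field shows which files still need re-encrypting with AES. The /P flags are enforced by the viewer application, so confidentiality rests on the open password and the cipher.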

Watermarks as a Security Complement, Not a Replacement

A watermark on a PDF does not protect the content — anyone can open and read a watermarked PDF. Its security function is deterrence and attribution: a visible 'CONFIDENTIAL' watermark signals that the document is sensitive and should not be redistributed. A watermark with the recipient's name or ID number creates accountability, making it harder to share without the sharer being identifiable. LazyPDF's watermark tool adds text watermarks across all pages of a PDF. For maximum deterrence, use a semi-transparent watermark in a contrasting color positioned diagonally across the page center — the most visible placement. For attribution watermarks, include the recipient's name or ID: 'COPY FOR: John Smith — CONFIDENTIAL'. This approach is used by publishers, training companies, and media organizations to track document distribution. It does not prevent copying, but it makes casual redistribution less likely and provides evidence if a watermarked copy appears somewhere it should not.

  1. Upload your document to lazy-pdf.com/watermark
  2. Enter your watermark text — 'CONFIDENTIAL', 'DRAFT', or the recipient's name
  3. Adjust opacity and position for the appropriate visibility level
  4. Combine with password protection for documents requiring both deterrence and access control

Removing PDF Security: When and How

Password protection should be removable when you are the authorized owner of the document. If you encrypted a document with a password you no longer need — the confidential review period is over, the document is being published publicly — removing the protection makes it more accessible. LazyPDF's unlock tool removes both open passwords and permissions restrictions from PDFs where you know the password. Enter the existing password, and the tool outputs an unencrypted version. Important: you should only remove password protection from documents you have legal authorization to access. Using an unlock tool to bypass protection on a document you do not own is unauthorized access regardless of technical feasibility. For your own documents where you have forgotten the password, password recovery tools exist but the legality and success rate depend on the encryption strength and password complexity. With strong AES encryption and a complex password, recovery is computationally infeasible.

Frequently Asked Questions

How strong does a PDF password need to be to be genuinely secure?

A PDF password's security depends on both the encryption algorithm and the password strength. With AES-128 or AES-256 encryption, a 12-character password combining uppercase letters, lowercase letters, numbers, and symbols resists brute-force attack at current computing speeds for billions of years. Simple dictionary words or short numeric passwords are vulnerable — a 6-character lowercase password can be cracked in minutes. Use a password manager to generate and store strong, unique passwords for each document you protect.

What is the difference between a permissions password and a digital signature?

A permissions password restricts what viewers can do with a document — it does not verify who created or approved it. A digital signature uses public-key cryptography to cryptographically bind the signer's identity to the document content at a specific point in time. Digital signatures prove the document has not been altered since signing and provide non-repudiation — the signer cannot claim they did not sign it. These are complementary, not interchangeable: use permissions passwords for access control, digital signatures for identity verification and document integrity.

Can a watermark be removed from a PDF by the recipient?

A standard text watermark added by LazyPDF can be removed by a motivated recipient using PDF editing software like Adobe Acrobat Pro. Watermarks are a deterrent and attribution tool, not a technical content protection mechanism. For higher-security watermarking, flatten the watermark into the page content (making it part of the page image) so it cannot be removed as a separate layer, or use forensic watermarking embedded in the document content rather than a visible overlay. For most professional use cases, visible deterrent watermarks are sufficient.
