top of page

We periodically field questions about password-protecting a PDF to prevent the wrong people from reading it. Lawyers want to ensure that drafts of legal documents don’t fall into the wrong hands, financial advisers want to keep confidential financial information private, and authors want to prevent their writing from being shared broadly on the Internet. Others don’t worry so much about a document being read but want to ensure that it can’t be changed or printed.


PDF provides options for password-protecting documents for just these reasons, and you can add such protection to your PDFs in both Apple’s Preview and Adobe Acrobat. We’ll explain how to do that, but before we do, we want to share some best practices to increase the likelihood that your PDFs will remain protected as you wish.


Also, if you’re looking for a comprehensive solution to protecting lots of documents for a wide variety of situations, you’d be better off investigating document digital rights management systems along the lines of LockLizard and Vitrium.


Best Practices for Password-Protecting PDFs

There’s no such thing as perfect security, especially when you want to share information with others rather than just keeping it as your own secret. But you can increase the security of shared documents with these best practices.

  • Use strong passwords: All PDF passwords should be longer than 12 characters and include uppercase and lowercase letters, numbers, and punctuation, without using dictionary words or well-known number/letter substitutions. A plethora of online PDF unlocking tools can remove weak passwords, and passwords should be strong enough to withstand brute force and dictionary attacks from a determined attacker who could bring significant computing resources to bear.

  • Focus on Document Open passwords: PDFs can have two passwords: the Document Open password that users must enter to open the document and a Permissions password that restricts actions like editing, printing, and copying. Even if you mainly want to restrict actions, it’s worth setting a Document Open password because the Permissions password’s restrictions can be bypassed by third-party utilities or by screenshots and Live Text.

  • Share passwords out of band: When sharing a protected PDF with someone, send them the password via a different communications channel. So, if you email the PDF, give them the password via Messages or a voice call. That way, if an attacker gains access to the PDF, they won’t also have the password sitting next to it.

  • Educate recipients: When you share a user password with someone else, they can give it to anyone they want and, depending on how you set things up, remove the protection from the document. In short, your document security is only as strong as your recipients want it to be, so make sure to communicate your wishes to them.

  • Watermark documents: Along those lines, it may be worth adding a header/footer or watermark that identifies the document as Confidential or Draft to clarify why it shouldn’t be shared.

  • Avoid online tools: Numerous websites offer PDF utility functions, such as adding passwords, watermarking, merging and splitting, conversion, and more. There’s no harm in using them with documents you don’t care about, but if you’re concerned enough to password-protect a PDF, don’t upload it to a website with unknown security and document retention policies.

  • Clear metadata: Passwords protect PDF content, but not necessarily metadata that might include the author’s name, employer, and keywords.

  • Use Adobe Acrobat: Apple’s Preview is a decent PDF app and offers basic password-protection capabilities, but for more protection capabilities and options, use the full-featured Adobe Acrobat. Preview is OK for those who need to protect an occasional PDF, but Acrobat is a better choice if protecting PDFs is essential for your situation.

Password-Protect a PDF Using Preview

It’s easy to add password protection to a PDF with Preview. Apple recommends a slightly fussier approach that involves setting the permissions during an export, although we didn’t find that it made any difference. Apple is likely trying to get you to make a copy so you don’t password-protect your original, but it’s easier to duplicate the file in the Finder first with File > Duplicate. Here’s the simple method:


  1. With a copy of a PDF open in Preview, choose File > Edit Permissions to display the permissions dialog.

  2. Select Require Password To Open Document, and enter the desired Document Open password twice.

  3. Deselect desired checkboxes in the Permissions section to restrict those activities.

  4. Enter the Owner (Permissions) password twice at the bottom of the dialog. It should be different from the Document Open password. Either will open the document, but only the Owner (Permissions) password will allow the document to be printed, copied, or edited as per those checkboxes.

  5. Click Apply and save the document.

Password-Protect a PDF Using Adobe Acrobat

Adobe has extensive instructions on password-protecting PDFs using Acrobat in different scenarios, but the basics are still simple.


  1. With a copy of a PDF open in Acrobat, choose File > Protect Using Password to open the password dialog.

  2. Select Viewing to add a Document Open password or Editing to add a Permissions password.

  3. Enter the password, and retype it to confirm it.

  4. Click Apply and save the document.

For a simple Document Open password, you’re all done, but if you want to set specific printing, editing, and copying restrictions, follow these steps:






















1. Choose Edit > Protection > Security Properties to open the Document Properties dialog with the Security tab selected.


2. Next to Security Method (which should be set to Password Security), click Change Settings to open the Password Security - Settings dialog.In the Permissions section, select the desired options to restrict printing, editing, and copying text in various ways.


3. In the Permissions section, select the desired options to restrict printing, editing, and copying text in various ways.


4. Click OK and, when prompted, confirm the passwords you’ve entered.


5. Dismiss the Document Properties dialog and save the document.




Password-protecting a PDF can be helpful when you want to ensure a PDF containing sensitive information can’t be viewed or edited by the wrong people. Make sure to use strong passwords since weak passwords are so easily removed!

The European Union has for many years required that websites—at least those serving European users—gain informed consent before storing the personal data of those users. That data includes cookies, which are bits of information stored in Web browsers that websites can read and write. Cookies are widely used for remembering login information, saving user account information, maintaining a shopping cart, and other legitimate purposes. However, they’re also used to target advertising at you by tracking your behavior across websites, which many people consider to be an abuse of user privacy. Hence the EU’s ePrivacy Directive, which resulted in the proliferation of cookie consent popups like this one.


Websites that rely on advertising or user tracking prefer that everyone click Accept All, but because of the EU requirement for informed consent, they have to tell you more about the cookies they use, explain why they want to use them, and allow you to reject types of cookies. Clicking Customize in the cookie consent popup above presents this expanded view. So many details!


On the one hand, thanks to the EU for working to safeguard user privacy. Without laws like the ePrivacy Directive and the overarching General Data Protection Regulation (GDPR), the Web would be even more of a sausage factory that grinds up and sells our personal data.


On the other hand, could cookie consent popups on nearly every website be any more annoying?!? While it’s a nice idea that we provide informed consent for cookies, few people have the time and inclination to read all this and make an informed decision. If you’re like us, you’re probably mashing Reject All as fast as you can. And even that is more effort than you’d prefer to expend.


Happily, there are Web browser extensions that can simplify your life, responding to cookie consent popups automatically using preferences you set once. Why can’t Web browsers do this themselves? They could, and the privacy-focused Brave does, but the W3C’s Platform for Privacy Preferences working group’s recommendations for standardizing behavior around privacy were ignored by browser makers and dropped back in 2006.


Two browser extensions we’ve tested successfully in multiple Mac browsers are Consent-O-Matic and Super Agent. They work by learning how to interact with the common consent popups (many of which come from Consent Management Platforms like Osano and CookieYes) and automatically clicking the switches to match your preferences. More specifically, the Hush extension blocks cookie consent popups in Safari on the iPhone, iPad, and Mac.

Consent-O-Matic

The open-source Consent-O-Matic is free from privacy researchers at Aarhus University. It comes as a Chrome extension that works with Google Chrome (and other Chromium browsers like Arc, Brave, and Edge, shown below), as an add-on for Firefox, and as an extension for Safari on the Mac and Safari in iOS and iPadOS. Consent-O-Matic works reasonably well on the Mac; in testing, it wasn’t effective enough in Safari on the iPhone and iPad to be worth installing. Installation and interface vary by browser—the Chrome extension is shown below.


By default, Consent-O-Matic allows no cookies, though we recommend enabling the Preferences and Functionality option and, if you’re feeling generous toward websites, the Performance and Analytics option. The first option improves your experience on any site where it’s helpful for it to remember information about you, and the second allows the website admins to collect metrics on how the site is being used. If a site doesn’t work correctly with Consent-O-Matic enabled, you can turn off the extension for just that site. In the Display preferences, you can choose whether Consent-O-Matic minimizes consent popups or hides them entirely, and on the About screen, you’ll see how many clicks it has saved you.


Super Agent

Super Agent seems to focus its paid plans on its version for the iPhone and iPad, but we didn’t find it effective enough there to install. On the Mac, however, Super Agent is free and works well, perhaps a bit more so than Consent-O-Matic. It’s available as a Chrome extension for Google Chrome and other Chromium browsers, as a Firefox add-on, and as a Safari extension. Installation and interface vary by browser—the Chrome extension is shown below.


Your first task in Super Agent is to set your preferences for cookies to accept. Again, we recommend enabling Functional cookies; turn on Performance cookies if you wish. Leave Advertising and Other cookies off.


Although it’s not required, you can create a Super Agent account and enable the Consent Trail switch to see a list of the sites whose cookie consent popups Super Agent filled out for you. It’s end-to-end encrypted so that only you can see the data, but if you’re particularly concerned about privacy, don’t turn it on.


Hush

What about the iPhone and iPad, or those who care only about Safari on the Mac? We recommend Joel Arvidsson’s Hush, which bills itself as a nag blocker. It’s a free download from the App Store, and once it’s on your device, you enable it in Settings > Safari > Extensions > Hush (iOS/iPadOS) or Safari > Settings > Extensions (Mac).


That’s it. From then on, it silently blocks cookie consent popups—it doesn’t attempt to register your preferences like Consent-O-Matic and Super Agent. As a result, it might cause problems if a site requires that you accept some cookies for it to function correctly. We haven’t encountered such a site yet, but it’s not impossible. If that happens on an iPhone or iPad, tap the AA button in the Safari address bar and then Turn On Content Blockers; on the Mac, choose View > Reload Without Content Blockers.


The Web is an ever-evolving place, so there’s no guarantee that these extensions will respond to or block every cookie consent popup. But you can report missed sites to the Content-O-Matic and Super Agent developers, and Joel Arvidsson releases regular updates to block more nags and fix partially broken websites.


If you use only Safari for Web browsing, Hush could be all you need on all your Apple devices. Those who rely on other Web browsers on the Mac can pick either Consent-O-Matic or Super Agent to supplement Hush on the iPhone and iPad.

We’ve helped some clients recently with networking problems that seemed to be related to Internet connections. Most notable was intermittently slow Internet performance, causing the client to call their ISP to upgrade to a higher bandwidth connection with guaranteed throughput. But that extra monthly expense turned out to be unnecessary once we tracked the problem to a malfunctioning cable modem. Other problems we’ve seen involved occasional network dropouts (a bad Ethernet switch), flaky Wi-Fi access (a dying AirPort base station), and Internet slowdowns (squirrels gnawing on an outdoor coaxial cable).


Networking infrastructure is often the very definition of “out of sight, out of mind.” Modems, routers, and switches are usually hidden away in corners, closets, or machine rooms where few people notice them regularly. In addition, most users rely on Wi-Fi–equipped laptops, tablets, and smartphones and put no thought into how those Wi-Fi connections get their Internet access. Nor do many people realize the extent that physical cables—Ethernet, coaxial, fiber optic—are required.


Plus, because network cables and gear are so hidden, they tend to stay in place for years. For the most part, that’s fine. Most network devices other than those involving network-attached storage have no moving parts to fail, and cables that aren’t exposed to extreme environmental conditions or physical movement will last for a long time. But even solid-state electronic devices wear out, and while cables seldom degrade on their own, they’re easily damaged by movement. And never underestimate the damage mice and squirrels can inflict!


It’s worth making sure you or someone in your organization has a solid knowledge—and documentation—of your network infrastructure. For instance, can someone answer these questions:

  • Where does your Internet connection come into the building?

  • What cable modem or other router are you using? Do you own or rent it?

  • Does your network rely on multiple Ethernet switches? Other networking gear?

  • Is your Ethernet cabling Cat 5 (obsolete, limited to 100 Mbps), Cat 5e (capable of 1 Gbps), Cat 6 (up to 10 Gbps), Cat 6a (10 Gbps at longer distances), or Cat 6e (a meaningless marketing term)?

  • Where is your Ethernet cable strung, and is it reasonably accessible? Can you isolate portions of your network for testing?

We also recommend putting an installation date sticker on the bottom of your network devices. That way, if you’re troubleshooting a problem like poor performance or intermittent connections, you can check quickly to see if any suspect devices are truly ancient. Even when older devices like cable modems seem to be working correctly, they may lack support for newer standards or firmware updates that provide better stability and throughput. We’ve also seen that issue with powerline networking adapters that are useful for extending connectivity to areas that can’t easily be served by Wi-Fi or Ethernet—newer adapters can provide significantly more performance. Plus, hardware does degrade over time—in particular, we’ve seen Ethernet switches and Wi-Fi routers get flaky as they age.


Finally, if solving a network problem requires new gear or cables, we strongly encourage purchasing quality hardware and cabling. Spending a little more upfront can save a lot of money in troubleshooting down the road, especially when it comes to pulling new cables.



bottom of page