How to Password Protect a PDF

Sending a contract, a payslip, a board pack, a medical report. Any document where the recipient is the only person who should be able to open it. PDF password protection is the single most practical tool for that — cheaper than a secure-transfer service, easier than encrypting an email, and standard enough that the recipient already knows what to do. This guide covers how to password protect a PDF with Flint's Password Protect PDF tool, what AES-256 actually means, and the small set of habits that make the protection meaningful rather than theatrical.

When password protection is the right answer

It isn't the right answer for everything. Public documents don't need it. Internal documents you already share through a permissioned system (Drive, SharePoint, your company wiki) get protection from that system, not from an extra password on top. Where a password on the PDF really helps:

Email attachments going outside your organisation. Once a PDF leaves your domain, the receiving inbox could be forwarded, archived, synced, or breached. A password limits the blast radius if any of that happens.
Files that'll sit in cloud storage. Whatever the provider's security claims, a locally-encrypted PDF in Dropbox or Google Drive is safer than an unencrypted one.
Documents you need to prove you secured. GDPR-style obligations sometimes require a demonstrable measure. AES-256 on a PDF is a reasonable measure.

AES-256, in plain English

AES-256 is the encryption algorithm Flint uses to lock your PDF. Some background, kept short:

AES stands for Advanced Encryption Standard. It's the algorithm chosen by the US government in 2001 to replace DES. Twenty-odd years later it's still the standard everyone uses for symmetric encryption — banks, governments, secure messengers, full-disk encryption on your laptop.
256 refers to the key length, in bits. A 256-bit key has roughly 10⁷⁷ possible values. To put that in perspective: there are about 10⁸⁰ atoms in the observable universe. Brute-forcing AES-256 is not computationally feasible with current or near-future hardware.
What actually gets attacked isn't the algorithm — it's the password. AES-256 with a weak password is no stronger than the password. AES-256 with a strong password is essentially unbreakable. Which leads us to the part that matters.

Picking a password that actually helps

Modern guidance on passwords has shifted. The old advice — “use uppercase, lowercase, numbers, symbols, change it every 90 days” — has been quietly walked back by NIST and the UK's NCSC. The new consensus is simpler:

Length beats complexity. A 20-character passphrase made of four random words is dramatically harder to crack than an 8-character “P@ssw0rd!”. Aim for 16+ characters.
Random words, not memorable phrases. “correct horse battery staple” is the textbook example. Pick four genuinely random nouns and string them together. Easy to type, easy to dictate over the phone, hard to brute-force.
Don't reuse passwords across files. Use a password manager and generate a unique one per PDF. If one ever leaks, only that file is exposed.
Avoid personal information. No birthdays, no children's names, no pet names. These are the first things tried in a targeted attack.

User vs owner passwords — what's the difference?

PDF supports two kinds of password. Most tools (Flint included) handle both, but the names confuse people. The distinction:

User password (open password). This is required to open the file. Without it, the PDF can't be read at all. This is what most people mean when they say “password protect a PDF”.
Owner password (permissions password). This controls what someone can do with the fileafter they've opened it — print, copy text, edit, fill forms. Set it if you want the recipient to be able to read but not modify the document.

You can set both at once. In practice, most people only need the user password. Owner-password permissions are honoured by mainstream PDF readers but trivially bypassed by purpose-built tools — they're a speed-bump, not a wall.

How to password protect a PDF in Flint

Open the Flint Password Protect PDF tool in any browser. Three steps.

Upload the PDF you want to lock

Drag your file onto the upload card or browse for it. Files up to 250 MB are supported on Pro. The PDF stays in your private Flint library throughout — we don't share or train on its contents.

Set a strong password

Enter your chosen password. Confirm it once. We recommend a 16+ character passphrase of random words. Optionally also set an owner password and pick which permissions (print, copy, edit) you want to restrict.

Encrypt with AES-256 and download

Flint encrypts the PDF using AES-256 (we use@cantoo/pdf-lib under the hood). The encrypted file is delivered to the editor. From there you can download it and send it on — or run any other Flint tool against the unencrypted version still in your library.

What to do once the file is encrypted

A few sensible follow-ups depending on why you encrypted in the first place:

Pre-send: sign it. Many password-protected documents are contracts. Use Sign PDF to add your signature before encrypting — the encryption preserves the signature inside the locked file.
Pre-send: redact what doesn't need to be shared. Encryption protects the file from unwanted eyes; redaction permanently removes content even from the people who do have the password. Use Redact PDF for the second case.
Compress before encrypting. An encrypted PDF doesn't compress further afterwards (encrypted bytes are essentially random, so compressors can't find patterns to exploit). Run Compress PDF first if you need a smaller email attachment.
Need to unlock it later? Use Unlock PDF with the password to produce an unencrypted copy. We never crack passwords — you bring yours, we use it to decrypt.

Other ways to encrypt a PDF

Microsoft Word “Save As” with password

If your source is a Word document, File → Save As → PDF → Options → “Encrypt document with a password”. Works fine; uses a slightly older encryption variant on some Word versions. Fine for casual use, not always state-of-the-art.

macOS Preview

Open the PDF in Preview, File → Export → Encrypt. Free, built in, perfectly good. Mac-only. Doesn't handle owner-password permissions as granularly as dedicated tools.

Adobe Acrobat

Acrobat does the job properly — it's their format, after all. The catch is the price and the desktop install.

Flint (the case for it)

Browser-based, uses AES-256 by default with no toggles to get wrong, and the surrounding toolkit (sign, redact, merge, compress, unlock) lives in the same workspace. Most password-protection tasks are part of a small chain of actions; doing them all in one tab is much faster than juggling apps.

Practical tips for real-world password protection

Tell the recipient what to expect. “The file is password protected, I'll text you the password” saves a confused reply email.
Pick a passphrase you can dictate over the phone. Random words win again — “canyon maple velvet lantern” is easier to spell out than “X3#mP9aQz!”.
Document the password somewhere safe. A password manager entry titled with the recipient and the date. Future-you will need it.
Rotate per-file, not per-day. Each document gets its own password. You don't need to change the password on existing files — they're already out in the world.
Don't protect what doesn't need protecting. Password-protecting a marketing brochure annoys the recipient and signals that you can't tell which documents are sensitive.

Password protecting PDFs: frequently asked questions

How strong is AES-256?

Strong enough that the algorithm itself is not the weakness — your password is. A 256-bit key cannot be brute-forced with current technology. A 6-character password can be, in minutes. Use a 16+ character passphrase and you're in good shape.

What happens if I forget the password?

Flint can't recover it. We don't store your password — the file is encrypted with it client-side cryptography on our server, and the password isn't retained. If you lose it, the document is effectively unreadable. Always save your password somewhere safe (a password manager is ideal).

Will every PDF reader respect the password?

Yes for the user (open) password — every mainstream reader honours it. The owner password / permissions restrictions are honoured by most readers but bypassable by tools designed to ignore them. Don't rely on owner-password permissions for serious security.

Can I encrypt a PDF that's already locked?

Not directly — you'd need to unlock it first using its current password, then re-encrypt with the new one.

Does encryption work on signed PDFs?

Yes. Sign first, then encrypt. The signature is preserved inside the encrypted file and remains valid on decryption.

Is my file private?

Yes. Files stay in your private Flint library, never shared, never used for training. Delete from My Documents when you're done.

What's the maximum file size?

Flint Pro accepts files up to 250 MB.

Ready to lock a PDF?

Drop your file into Flint's Password Protect PDF tool, pick a strong passphrase, and you'll have an AES-256-encrypted document ready to send. Just remember to share the password through a different channel from the file itself.