How to Password Protect a PDF (Windows, Mac, Linux, Online) — 2026 Guide

TL;DR: To password protect a PDF in 2026: on Windows, use Adobe Acrobat (Pro) → File → Protect Using Password → set Open password with AES-256 encryption. On macOS, use Preview → File → Export → tick Encrypt and set a password. Free without Acrobat: open the PDF in Microsoft Word → Save As → PDF → Options → "Encrypt the document with a password" (AES-256). Online, use a reputable tool like Adobe's free online password protector — but never use a no-name "online PDF encrypt" site for sensitive files (you're uploading the unencrypted PDF to their server). And avoid the legacy 40-bit RC4 encryption option — it's been broken for decades; pick AES-256 every time.

I get this from accountants, lawyers, contractors, and HR managers about once a week — "I have a sensitive PDF, how do I put a password on it before I email it?" The good news: every major OS already has a way to do this, no extra software needed. The bad news: half the popular how-to articles out there still recommend tools that use 40-bit RC4 encryption, which has been crackable on a laptop since 2009.

This guide covers every method that actually produces a properly encrypted PDF in 2026 — Windows, Mac, Linux, command line, online — with the single setting most people miss (AES-256 vs RC4), and what to do if your recipient is non-technical.

Quick Answer: How to Password Protect a PDF

If you just want the fastest path:

• Have Adobe Acrobat Pro: open the PDF → File → Protect Using Password → choose Open password → enter password → make sure encryption level is AES-256 → save.
• macOS, no Acrobat: open in Preview → File → Export → tick Encrypt → set password → Save.
• Windows, no Acrobat: open the source document in Microsoft Word → File → Save As → PDF → click Options → tick "Encrypt the document with a password" → save.
• Free / cross-platform: Adobe's free online PDF password tool (browser-only, processes in their cloud — fine for non-sensitive docs).
• Linux / power users: qpdf --encrypt USERPASS OWNERPASS 256 -- input.pdf output.pdf

If you want the full walkthrough with screenshots, the encryption-strength gotcha, and what to do when the recipient can't open the file — read on.

Method 1: Password Protect a PDF With Adobe Acrobat Pro (Windows / Mac)

Adobe Acrobat Pro is the gold standard because it gives you fine-grained control over which encryption algorithm is used. The free Adobe Acrobat Reader cannot password-protect PDFs — only Pro can.

Step 1: Open the PDF

Launch Acrobat Pro and open the PDF you want to protect.

Step 2: Add password protection

• Newer Acrobat (2024+): All tools → Protect a PDF → Protect with password
• Older Acrobat (DC / 2020): File → Protect Using Password

You'll be asked whether the password is required to Open the document or only to Edit it. For "I'm sending this to someone confidentially," choose Open. The Edit-only option still lets anyone open and read the file.

Step 3: Set the password and encryption level

Enter your password twice (more on what makes a good PDF password below). Then check the encryption settings — this is the step most guides skip:

Click Apply / OK, then File → Save As with a new filename (Acrobat doesn't overwrite the original by default).

Step 4: Verify the password works

Close the file, reopen it, and confirm you're prompted for the password. Then try opening it with a wrong password — you should get a clean "incorrect password" error, not partial content. If wrong passwords let any data through, the encryption isn't working correctly.

Method 2: Password Protect a PDF on Mac With Preview (Free, Built-In)

macOS Preview can password-protect any PDF without installing anything. It's been there since macOS 10.4. The default encryption is AES-128 on older macOS versions and AES-256 on macOS Ventura (13) and newer.

Step-by-step

1. Open the PDF in Preview (double-click; Preview is the default).
2. File → Export (not "Save" — Export gives you the encryption option).
3. In the export dialog, choose PDF as the format if it isn't already.
4. Tick Encrypt at the bottom.
5. Enter your password twice.
6. Click Save.

Preview's encryption is AES-256 on modern macOS — verified by opening the resulting PDF in Acrobat and checking Properties → Security.

Where Preview falls short

• No control over permission settings (printing, copying, editing) beyond Open password
• No way to set a separate Owner password from the User password
• Doesn't tell you which encryption algorithm it used — you have to inspect the saved file to confirm

For most "send this confidential PDF" use cases, that's fine. For granular permission control, use Acrobat.

Method 3: Password Protect a PDF on Windows Using Microsoft Word (Free)

If you have Microsoft Word (any version from 2016 onward), you can password-protect any document you save as PDF — without Acrobat.

Step-by-step

1. Open the source document in Word (or convert an existing PDF to Word first if needed).
2. File → Save As.
3. Choose PDF (*.pdf) as the format.
4. Click Options below the filename field.
5. In the Options dialog, tick Encrypt the document with a password.
6. Click OK, then enter the password twice.
7. Save.

Word's PDF encryption is AES-256 in 2016 and later. The resulting PDF prompts for the password in any PDF reader.

Where Word falls short

• Only works if you have the source as a Word doc (or can convert). You can't password-protect an existing PDF directly from Word — you'd have to import it to Word first, which usually mangles formatting.
• No permission-level controls.

Method 4: Password Protect a PDF Online (Free, Cross-Platform)

If you can't install software or don't have Acrobat / Word, online tools work — with one major caveat.

Recommended: Adobe's free online password tool

Adobe's password-protect-PDF tool is free, works in any browser, and uses AES-256. It's the same encryption pipeline as Acrobat Pro, just exposed as a web service.

Other reputable options

• Smallpdf — free up to 2 PDFs/day; uses AES-128 by default
• iLovePDF — free; AES-128
• Sejda — free up to 200 pages; AES-128

The caveat: trust

When you use an online PDF password tool, you're uploading your unencrypted PDF to that company's servers. They encrypt it and return the protected version, but during processing your file is in their possession in plaintext. For non-sensitive content (a personal letter, a CV) this is fine. For anything with PII, financial data, medical records, or NDA-bound material — don't use an online tool. Use Acrobat, Preview, or Word locally, where the file never leaves your machine.

Method 5: Password Protect a PDF on Linux With qpdf (Command Line)

For Linux users (and macOS users who like the terminal), qpdf is the cleanest open-source option.

Install

sudo apt install qpdf           # Debian / Ubuntu
sudo dnf install qpdf           # Fedora
brew install qpdf               # macOS

Encrypt with AES-256

qpdf --encrypt USER_PASSWORD OWNER_PASSWORD 256 \
     --print=full --modify=none --extract=n -- \
     input.pdf encrypted-output.pdf

Breakdown:

• USER_PASSWORD — what the recipient types to open the file
• OWNER_PASSWORD — the full-access password (you set this; recipient doesn't see it)
• 256 — AES-256 encryption (use this, not 128 or 40)
• --print=full — recipient can print the file
• --modify=none — recipient cannot edit
• --extract=n — recipient cannot copy text out

This is the most flexible method — you get explicit control over every permission flag. The downside is the syntax is unforgiving.

The AES-256 vs RC4 Trap (and Why It Matters)

This is the one section I'd ask you not to skip.

The PDF format supports four encryption schemes:

The PDF spec still allows 40-bit RC4 for backwards compatibility, and some older "free PDF encrypt" sites and tools still default to it. 40-bit RC4 can be brute-forced on a laptop in minutes. A PDF "encrypted" with 40-bit RC4 is essentially decoration.

When you password-protect a PDF, always confirm the encryption algorithm. In Acrobat, it's a dropdown. In Preview, Word, and qpdf, AES-256 is the default in current versions — but if you're using an older copy of any of them, check.

How to verify after the fact:

• In Acrobat: open the PDF → File → Properties → Security tab → look for "Encryption Level: AES 256-bit"
• In Preview: Tools → Show Inspector → padlock tab — shows algorithm
• From command line: qpdf --show-encryption encrypted.pdf — prints the cipher

If you see "RC4" anywhere in the output, redo the encryption properly.

For the deeper explainer on why AES-256 specifically is the standard, see my AES-256 encryption explained — same cipher, applied to PDFs instead of ZIPs.

How to Choose a Good PDF Password

PDF passwords are symmetric — the same string encrypts and decrypts. So the password's strength is the encryption's strength in practice. AES-256 with the password "1234" is no stronger than "1234" itself.

What works:

• Length over complexity. 16+ characters. A passphrase like correct-horse-battery-staple-2026 beats P@ssw0rd! and is easier to dictate.
• Different from any password you reuse. If your email password ever ends up in a breach, you don't want it unlocking your sensitive PDFs.
• Communicated through a different channel. Email the PDF, text the password. Or vice versa. Never send the password in the same email as the file.

What doesn't work:

• Anything in a dictionary
• Names, dates, addresses
• Patterns like Document2026!

A password manager will generate one. Or use Bitwarden's free password generator.

When a Password-Protected PDF Is the Wrong Answer

PDF password protection is great when you and the recipient both have a working PDF reader, the file is sized for email, and you only need to defend against casual interception. It's the wrong answer when:

• The PDF is over a few MB and the recipient's email blocks attachments — see my how to send large files via Gmail guide
• You need access logging, expiry, or revocation — PDFs are file-and-forget; once they leave you, you have no control
• You're handling regulated data (PHI, PCI, classified) — a password-protected PDF alone isn't sufficient
• The recipient is non-technical and might forget how to enter the password

For all of those, a secure share link from a service like Uploadex — AES-256 at rest, link expiration, download cap — is usually a cleaner workflow. The encryption is automatic, the audit trail is built in, the recipient just clicks a link, and you can revoke access if something goes wrong.

FAQ: Password Protecting a PDF

How do I password-protect a PDF for free?

On Mac, use Preview (built-in) → File → Export → tick Encrypt → set password. On Windows, use Microsoft Word if you have it (Save As → PDF → Options → Encrypt with password), or Adobe's free online password tool for non-sensitive files. On Linux, use the qpdf command-line tool — free and open-source.

Can I password-protect a PDF without Adobe Acrobat?

Yes — on Mac, Preview does it natively; on Windows, Microsoft Word (Save As → PDF → Options) and free tools like PDF24 or Foxit Reader can do it; on Linux, qpdf from the command line. None require Acrobat.

Is a password-protected PDF actually secure?

If — and only if — you used AES-256 encryption and a strong password (16+ characters, not in any dictionary), then yes, the PDF is effectively unbreakable by brute force. If you used the legacy 40-bit RC4 (still default in some old tools), it can be cracked on a laptop. Always verify the algorithm in the PDF's Security properties after encrypting.

How do I open a password-protected PDF?

Open it in any PDF reader (Adobe Acrobat Reader, Preview, Foxit, Chrome, Edge, etc.) — you'll be prompted for the password before the content displays. If you've lost the password and the PDF is AES-256 encrypted with a strong password, recovery is mathematically infeasible.

Can I remove the password from a PDF I created?

Yes. Open the PDF in the same tool you used to encrypt it, enter the password, then re-save without password protection. In Acrobat: All tools → Protect a PDF → Remove security. In Preview (Mac): File → Export → un-tick Encrypt. In qpdf: qpdf --decrypt --password=YOURPASS encrypted.pdf decrypted.pdf.

Can I password-protect a PDF on iPhone or iPad?

Yes, in the Files app: long-press the PDF → Lock PDF → enter Face ID / Touch ID or a custom password. This produces a PDF protected by the same AES-256 encryption macOS Preview uses.

How do I send a password-protected PDF by email?

Attach the PDF normally (assuming it's under your email provider's attachment limit — 25 MB for Gmail). Send the password through a different channel: text message, phone call, or a separate email — never in the same email as the file. For larger files, upload to a secure file-sharing service like Uploadex and send the share link instead — see my guide on sending large files via Gmail.

What's the strongest encryption for a PDF?

AES-256 is the strongest encryption the PDF format supports as of May 2026, and it's the standard NIST recommends for top-secret data. Avoid 40-bit RC4 and 128-bit RC4 — both are legacy and crackable. For long-term archival or regulated data, always use AES-256 + a 20+ character passphrase.

Summing Up!

Password-protecting a PDF is a 30-second job in any modern OS — Preview on Mac, Word or Acrobat on Windows, qpdf on Linux, Adobe Online if you need browser-only. The single mistake to avoid is sticking with legacy 40-bit RC4 encryption (still default in some old tools). Always pick AES-256 and verify it in the PDF's Security properties after encrypting.

For passwords: 16+ characters, never reused, sent through a different channel than the file itself.

If you find yourself password-protecting PDFs every week — for client deliverables, contracts, tax documents, medical records — a secure file-sharing service is usually the cleaner workflow. AES-256 at rest, password-protected share links, expiration timers, download caps, audit trail — all automatic, no manual encryption step. I walk through that setup in my guide on sending large files securely and the companion piece on how to send large files via Gmail past the 25 MB limit.

For the encryption fundamentals — why AES-256 specifically, what it actually protects against — see AES-256 encryption explained. For the ZIP-file equivalent of this guide, how to password protect a ZIP file.

Sources: 
- Adobe Acrobat — password-protect a PDF 
- NIST FIPS 197 — Advanced Encryption Standard 
- qpdf documentation