Adobe is among the most well-known brands in the world. Its creative suite applications dominate their respective industries, with finely tuned features and consistent updates. In the PDF space, however, Adobe’s solutions don’t quite live up to the brand. While its Acrobat suite provides intuitive editing tools, the methods it uses to protect documents are rudimentary and easily bypassed.
As a result, it’s necessary for companies who want to protect their PDF files to look for alternative, more secure solutions. Here we cover the options available.
Online PDF encryption
In a bid to avoid the licensing costs of Adobe Acrobat, it’s popular to instead turn to online encryption tools. Like Adobe PDF, these tools can encrypt a PDF file with a password and require the same password to decrypt it. Some even allow you to add two passwords: one for general viewing (the open password) and one for modification, printing, and copying (the permissions password).
Some of the PDF industries’ biggest names provide these online encryption tools, including Adobe and SmallPDF. However, the unfortunate reality is that this is oftentimes even less secure than Adobe Acrobat security. As well as exhibiting the same fundamental flaws – an outdated password-based system and easily bypassable restrictions – they require you to upload your sensitive documents to a remote server over which you have no control and where your documents could be compromised or hacked.
As with any PDF password protection system, as soon as you provide the password of a document to someone, the security of your PDF is compromised. The recipient can share the password and document with anyone else. But even if you have full trust in the recipient not to distribute your PDF document any further, tools and phishing methods are available to crack the password if it is got hold of by an unauthorized third party. The simpler and shorter the password is, the quicker it is to break.
Similarly, adding PDF restrictions is a waste of time. Once someone can open the PDF they can remove all PDF restrictions in seconds using free online PDF password cracking tools. Or they can just bypass them altogether by using a PDF Reader that does not honor them.
In general, then, online document encryption tools only have two advantages: their free nature and the ease of use.
JavaScript controls
In a bid to address the lack of DRM (Digital Rights Management) controls in Adobe Acrobat, some PDF encryption software use scripts that extend its functionality, such as making PDF files expire. These scripts can also be used separately by adding them to your PDF documents.
We’ll keep this short: they’re ineffective and dangerous. Don’t use them.
As well as being easily bypassed (users just need to turn off JavaScript in their PDF Reader), JavaScript can easily be manipulated by attackers to compromise and install spyware or ransomware on a user’s system. This holds regardless of whether the PDF is digitally signed. This is why even Adobe recommends you disable JavaScript in its Adobe Reader application.
Secure data rooms
Rather than protecting and distributing PDF files manually, you can use an online document sharing system such as a secure data room.
Secure data rooms generally use a restricted area on a server that contains documents that need to be shared with outsiders, such as Mergers & Acquisitions information. A data room space is secured by specific login credentials and usually provides additional IP address monitoring and SSL encryption.
Today, by far the most popular form of this is the cloud-based secure data room. However, these come with several security concerns:
- They’re accessed via the browser, so there are no system-based security controls. This means the document protection can typically be removed quite easily since it is simple JavaScript.
- Uncommon browsers, plugins and security controls may be used or the JavaScript edited by the user in the browser to bypass the controls.
- Documents may be retained in the client’s temporary files in plain text, where they can be recovered and sent to others.
- The password-based security many secure data rooms use have the same flaws and sharing issues as any other password-based system.
- They don’t stop screenshots or, if printing is enabled, printing to a digital document rather than a physical one.
- Multiple users can log in with the same credentials, so you have no idea who is really using the system or who you are tracking.
- Once you upload your documents to a remote server, you are entirely dependent on the data room provider to make sure your documents are adequately protected.
If you can find a secure data room provider that can mitigate these flaws while stopping users from copying to other devices, they can be worthwhile. The reality, though, is that despite being marketed as “highly secure”, most providers are unable to do so.
The other issue with them is cost. At first, they might seem reasonable with a low monthly fee but start adding users and documents to the equation, and costs soon spiral.
PDF DRM solutions
A good PDF DRM solution will enable you to encrypt PDF files without passwords so there is no easy way for users to circumvent security.
PDF DRM software that provides transparent key-based security that is easy to manage and distribute is the simplest way to enable secure document sharing. The PDF creator should be able to publish documents with strong encryption and printing, screenshotting, copying, watermarking and expiry controls that cannot be removed. PDF DRM systems that lock documents to devices and locations are the most secure as they prevent users from sharing PDF files with others.
Importantly, a good PDF DRM system should be able to apply and enforce DRM controls without needing the document Publisher to upload files to a third-party server.
Though some PDF DRM providers provide browser viewers, using them is mandatory, and they don’t prevent users from sharing login credentials. For the best protection of your PDF documents, viewing of protected PDF files should be performed in a dedicated application that is vetted for security and does not allow JavaScript or external plugins, or use other methods that force users to lower their computer security.
While no solution should be assumed to be 100% effective, the strong security of PDF DRM solutions, combined with their simplicity, make them the best alternative to Adobe Acrobat for PDF encryption.
