To add a password to a PDF, upload the file, type a password, confirm it, and click Protect PDF — the tool encrypts the document entirely in your browser using RC4-128 encryption and the protected file downloads immediately. Anyone who tries to open it will be prompted for the password before the contents are shown.
Free Protect PDF Tool — runs in your browser
No uploads. No account. Your password never leaves your device.
Password-protect a PDF nowWhen should you password-protect a PDF?
Not every PDF needs a password, but some categories of document should almost always have one before they leave your device. Here are the situations where password protection makes a real difference:
- Sending financial documents — tax returns, payslips, bank statements, P60s, and similar files sent by email are trivially forwarded; a password ensures only your intended recipient can open them
- Sharing legal contracts — a draft agreement sent to a counterparty for review should not be readable by anyone who intercepts or accidentally receives the email
- Distributing HR documents — offer letters, disciplinary notes, performance reviews, and salary information are typically confidential to the individual
- Sharing medical records — test results, referral letters, and GP summaries sent between practitioners or to patients should require authentication to open
- Protecting ID documents — a copy of a passport, driving licence, or birth certificate sent digitally is high-value for identity theft; a password adds a meaningful barrier
- Distributing exam papers or confidential reports — documents that must not be read until a specific time or by a specific audience can be shared early with the password communicated separately
The common thread: documents where unauthorised access would cause real harm — financial, legal, reputational, or personal.
Why most online protectors are a privacy risk
Here is the irony with most “PDF protection” tools online: to protect your document, you first have to upload it to a stranger’s server unprotected. iLovePDF, Smallpdf, Adobe Acrobat online, and most competitors receive your file in the clear, apply the password on their server, and then let you download the result.
The document you wanted to protect just spent time on infrastructure you do not control — exactly the kind of exposure you were trying to prevent. There is also a second risk unique to password tools: you type your chosen password into a web form, which typically means it travels over the network alongside your document. Any server log, network trace, or session recording that captures the form submission now has both the document and the key.
FixMyPDF runs the encryption entirely in your browser using JavaScript. Your PDF is read from your disk into browser memory. The password you type stays in that same browser session. The encryption is performed locally and the result is downloaded directly to your device. Neither the document nor the password ever reaches any server. There is nothing to intercept.
How to add a password to a PDF step by step
This takes under two minutes:
-
1
Open the Protect PDF tool
Go to fixmypdf.tech/tools/protect.html. No sign-up or software required. -
2
Upload your PDF
Drag the file onto the drop zone or click to browse. The file loads in your browser — nothing is sent anywhere. -
3
Type your password
Enter your chosen password in the password field. As you type, the strength indicator fills with up to four bars and shows which criteria you have met: 8 or more characters, an uppercase letter, a number, and a special character. Use the Show button to reveal what you have typed if needed. -
4
Confirm your password
Type the same password again in the Confirm password field. This prevents typos from locking you out of your own document. The tool will not proceed if the two entries do not match. -
5
Click Protect PDF and download
Press the Protect PDF button. The encrypted PDF downloads immediately. When anyone tries to open it — in Chrome, Firefox, Acrobat, Preview on Mac, or any standard PDF viewer — they will be prompted for the password before the contents are shown.
How to choose a strong password
The strength of the encryption is only as good as the password protecting it. The tool’s strength indicator tracks four criteria, but understanding why each one matters helps you choose a password that is genuinely hard to crack rather than just one that satisfies the checklist.
| Criterion | Why it matters |
|---|---|
| 8+ characters | Shorter passwords can be brute-forced quickly; every additional character multiplies the search space exponentially |
| Uppercase letter | Mixing case doubles the character set an attacker must search through; pure lowercase is a well-known shortcut in password lists |
| Number | Adds digits to the character set; passwords without numbers appear in the most common wordlists used for dictionary attacks |
| Special character | Symbols like !, @, #, $ are absent from most dictionary attack lists and significantly slow brute-force attempts |
Meeting all four criteria gets the indicator to full strength, but a truly secure password also avoids predictable patterns: Password1! technically meets all criteria but is one of the first combinations any password-cracking tool will try. A passphrase — three or four unrelated words joined with numbers and symbols, such as Lamp7#River!Desk — is both memorable and far harder to guess.
Always save the password somewhere before distributing the file. A password manager (1Password, Bitwarden, Apple Keychain, Google Password Manager) is the right place. If you set a strong password and forget it, the document cannot be recovered — that is exactly what strong encryption means.
What password protection does — and what it doesn’t
Understanding the limits of password protection helps you decide whether it is sufficient for your use case or whether you need additional measures.
What it does
- Requires anyone who opens the PDF to enter the correct password first
- Works in every standard PDF viewer: Chrome, Firefox, Edge, Adobe Acrobat, Apple Preview, Foxit, and mobile readers
- Uses RC4-128 encryption — the standard PDF security handler, supported by every PDF viewer without additional software
- Protects the document in transit (email, file sharing, cloud storage) against anyone who intercepts or accidentally receives the file
What it does not do
- It does not hide the file name or metadata visible in cloud storage or email previews; only the contents require the password
- It does not redact content — if the recipient opens the file and copies text or takes a screenshot, the protection is bypassed; use a redaction tool for content that must be permanently removed
- It does not prevent someone who has the password from forwarding the file to others, who can then open it with the same password
- It is not a substitute for access controls in enterprise document management systems, which offer more granular permissions (view only, no printing, expiring access)
For the majority of everyday use cases — protecting a document before emailing it, ensuring only the intended recipient can read a contract, adding a barrier to a sensitive report — password protection is exactly the right tool. For documents requiring persistent access control or permanent content removal, a combination of redaction and password protection provides stronger coverage.
Tips for common protection scenarios
Communicate the password separately from the file
Never send the password in the same email as the protected PDF. If an email account is compromised or the email is forwarded by mistake, both the file and the key are exposed. Send the file by email and the password by a different channel — SMS, a phone call, a separate messaging app, or a password manager’s sharing feature.
Protect after all edits are complete
If you need to edit, annotate, sign, or compress the PDF, do those steps first and protect it last. Opening a protected PDF for further editing requires unlocking it, which adds an unnecessary extra step. The workflow should be: edit → compress (if needed) → protect → send.
Use a unique password for each recipient where possible
If you are sending the same document to multiple people who should not share access, protect a separate copy for each recipient with a unique password. This way, if one recipient shares the password, you know which one and the other copies remain secure. This requires one extra protect operation per copy but is worth it for genuinely sensitive material.
Remove the password before merging or compressing
Most PDF tools — including FixMyPDF’s compressor and merger — require an unlocked file to operate. If you need to combine or reduce a protected PDF, use the Unlock PDF tool first, perform your edits, then re-protect the result. Do not rely on a protected PDF reaching downstream tools — always unlock, process, re-lock.
Test the password before distributing
After downloading the protected file, open it in a private or incognito browser window to confirm the password prompt appears and that your password works. A two-minute test prevents the frustration of a recipient calling to say the password you gave them does not work.