-
Written By
Simran Bhatia -
Approved By
Sonika Rawat -
Updated on
July 6th, 2026 -
Read Time
10 minutes
Quick answer: Mac users can do this natively with Preview. Windows and Linux users can do it for free with LibreOffice or the open-source command-line tool qpdf. None of these require installing anything shady, and none of them cost money.
What “Password Protecting” actually means
A PDF has two separate passwords, and mixing them up causes most of the confusion:
- Open password (user password): Encrypts the file. Nobody can even view it without the password.
- Permissions password (owner password): Doesn’t encrypt anything. It restricts what a viewer can do print, copy text, edit, but any halfway-decent PDF tool can strip these restrictions in seconds. Don’t rely on it to protect anything sensitive.
If you actually need privacy, you want an open password with AES-128 or AES-256 encryption. Anything less is a speed bump, not a lock.
Preview has had this built in for years, and it still works the same way in the current macOS release.
Preview uses AES-128 encryption. It’s fine for personal files. It won’t help you if you have 40 PDFs to protect before 5pm, there’s no batch mode.
This is free, cross-platform, and actively maintained, so it isn’t going away. One catch: it works best when you export a document to a protected PDF for the first time. If you already have an unprotected PDF and need to lock it, open it directly in LibreOffice Draw instead of Writer, Draw can open existing PDFs.
If your source file is a Word document rather than a finished PDF, skip Draw and export straight from Writer, same Security tab, same steps.
If you’re comfortable with a terminal, qpdf is the fastest free option and the only one on this list that handles more than one file without manual clicking.
qpdf --encrypt <user-password> <owner-password> 256 -- input.pdf output.pdf
Replace 256 with 128 if you need broader compatibility with older PDF readers. To loop through a folder on macOS or Linux:
for f in *.pdf; do
qpdf --encrypt mypassword "" 256 -- "$f" "protected_$f"
done
On Windows, the same loop works in PowerShell with minor syntax changes. This is genuinely the free method IT admins reach for, see the next section.
If you’re protecting one file a month, the free route is genuinely fine, use it. If you’re protecting client deliverables regularly and you’d rather not remember qpdf syntax every time, PDF Protection Tool gives you the same AES-256 encryption in a GUI: pick files, set a password, done. Preview before you pay, so you know it works on your actual files first.
Once a PDF is encrypted, it behaves like any other file for storage and sharing, Google Drive, OneDrive, Dropbox, or straight email attachment all work, because the encryption lives inside the file itself, not in the storage layer. The one thing to check: some company email gateways scan attachments for malware and can’t open encrypted files to do that scan, so a few IT departments block password-protected PDFs at the gateway. If your recipient reports the file “didn’t come through,” that’s usually why ask them to check with their IT team before assuming the file is broken.
Individual User takeaway: if you send sensitive PDFs occasionally, LibreOffice or Preview costs you nothing. If it’s a weekly habit, a dedicated tool saves you the repeated manual work and the mistakes that come with it.
Quick answer: For under ~20 files, qpdf scripted in a loop works and costs nothing. Past that, you’re maintaining a script, and the failure modes – corrupted files, inconsistent permission sets, no audit trail become your problem at 2am. That’s the point where a dedicated bulk tool earns its license fee.
A qpdf loop works until one of these happens, and eventually one of them always does:
None of this means qpdf is bad, it’s a solid tool for a one-off job. It means a one-off script isn’t infrastructure, and treating it like infrastructure is how you end up debugging a batch job during a compliance audit.
If you’re staying manual, at minimum wrap the loop with logging and error handling:

This gets you closer to audit-ready, but you’re still writing and maintaining this yourself, and it still can’t set different permission tiers by folder without more branching logic.
PDF Protection Tool handles the parts the script doesn’t: it processes an entire folder in one pass, flags files it couldn’t process instead of silently failing on them, lets you set open and permissions passwords per batch, and gives you a completion report you can hand to compliance without editing it first. Preview the batch results before you pay for a license, so you’re not buying blind.
| Factor | Manual (qpdf / LibreOffice) | PDF Protection Tool |
|---|---|---|
| Cost | Free | Paid, trial available |
| Batch processing | Requires custom scripting | Built in |
| Corrupted file handling | Loop stops or fails silently | Flags and skips, continues batch |
| Per-folder permission rules | Manual branching logic | Set per batch in GUI |
| Audit / completion log | None unless you build it | Generated automatically |
| Encryption standard | AES-128 or AES-256 (your choice) | AES-256 |
| Learning curve | Command-line familiarity needed | GUI, no scripting |
| Support | Community forums only | Direct support line |
| Best for | Under ~20 files, one-off jobs | Regular or large-volume batches |
Password protection alone doesn’t make you GDPR or HIPAA compliant, it’s one control among several (access logging, retention policy, breach notification process are separate requirements). What it does do: it satisfies the “encryption of data in transit and at rest” line item that most internal security policies and several regulatory frameworks require for documents containing personal or financial data. If your policy specifies a minimum encryption standard, confirm it’s AES-256 before you standardize on a method, some older free tools still default to AES-128 or the weaker RC4 standard.
SysInfoTools offers volume licensing for teams protecting files across multiple machines or departments, worth asking about if you’re rolling this out past a single admin’s laptop. Every purchase includes a money-back guarantee, and the trial version lets you run it against your actual files before any purchase conversation happens, so procurement isn’t approving something nobody’s tested.
Email Sales for Volume Pricing →
IT Admin takeaway: script it yourself if the job is small and occasional. Once you’re protecting files as a recurring process with compliance requirements attached, the audit trail and error handling you’d have to build yourself are exactly what you’re paying for.
Ans. AES-256 encryption on a PDF is not practically crackable through brute force with current consumer hardware, provided the password itself is strong, a short or common password can still be guessed regardless of the encryption strength behind it. The encryption algorithm isn’t the weak point; a weak password is.
Ans. An open password encrypts the file so nobody can view it without entering the correct password. A permissions password doesn’t encrypt anything, it only restricts actions like printing or copying, and those restrictions can usually be removed by other PDF software within seconds.
Ans. Some browser-based tools offer this, but uploading a sensitive PDF to a third-party website to get it “protected” means that site’s server has an unencrypted copy of your file, even briefly. For anything containing real personal or financial data, use a local tool like LibreOffice, macOS Preview, or qpdf instead.
Ans. Google Docs does not support password protection during PDF export, and there is no setting inside Docs that adds one. You have to export the PDF first and then apply a password using a separate tool such as LibreOffice Draw or a dedicated PDF utility.
Ans. A scripted loop using the free tool qpdf can batch-process a folder of PDFs, though it has no built-in error handling or audit logging. For large or recurring batches, especially with compliance requirements attached, a dedicated bulk tool such as PDF Protection Tool handles error cases and produces a completion report automatically.
Ans. Yes, as long as the permissions settings explicitly allow content extraction for accessibility purposes, most PDF protection tools, including LibreOffice and PDF Protection Tool, include this as a separate toggle from general copy/print restrictions, so check that setting rather than assuming it’s on by default.
About The Author:
Simran Bhatia is a technical content writer engaged in writing clear, concise, and SEO-optimized content. With a background in computer science and a passion for writing, I thrive to deliver complex technical content in simple layman terms.
Related Post