One great feature of PDF files is you can lock them so only certain people can open them, and you can apply more granular security controls to restrict how recipients use them. This lets you control different kinds of functionality independently and (depending on the type of security you use), allow/disallow it on a user-by-user basis. Here’s a few examples of the permission control you can use:
- Allow/disallow printing
- Allow/disallow copying text from pages
- Allow/disallow collaboration with forms, digital signatures and annotation tools
- Allow/disallow editing of text and other content
We won’t go into too much detail on document open and usage permission security in this article. If you’d like to learn some more, visit the PDF security & digital signatures overview page, as well as the Perrmission security settings in PDF help page on the Nitro site. Instead we’ll focus on identifying and choosing the best method of security for your needs.
Methods of security for PDF
There are two methods you can choose from when securing your PDF files: password security and certificate security.
Password security is the method we’re all familiar with, as its commonly used for web sites, services, and software. With PDF files, if you know the open password you can open the file, and if you know the permissions password, you can change the permissions settings.
In the PDF world, many PDF creators (including some free ones, like PrimoPDF) let you apply security to your PDF files at the time they’re created. There are also PDF viewing/editing tools, such as Adobe Acrobat and Nitro Pro, that let you change or remove security settings and passwords of existing PDF files (providing you supply the correct permissions password, if required).
Certificate security is the lesser known method of securing PDF files. Instead of using and sharing passwords, participants share PDF files that can only be opened and used by recipients who have a trusted certificate. To begin using this method, all participants must start a list of trusted contacts by first sharing their certificates.
Certificate-based security is typically found in high-end PDF software designed for business professionals (like Nitro PDF Professional and Adobe Acrobat) as the feature enables organizations to have a more secure method of exchaning files, while also being more flexible, efficient and easy to use than password-based security. Certificate security can be better trusted because, unlike passwords (which can theoretically end up in anyone’s hands), certificates can be locked to an individual computer and protected so the certificate cannot be moved to another computer or otherwise used by an unauthorized person.
The most obvious positives of certificate-based security are:
- Once certificates have been exchanged, trusted recipients can open and use files without needing to know and remember a password – instantly removing a pain point when exchanging secure PDF files.
- Only recipients with a trusted certificate installed can open the secured file, unlike password security in which anyone (including people unknown to you) can open the file if they have the password.
- Different permissions can be granted for different recipients. For example, an internal recipient may be allowed to annotate and print, whereas an external recipient is restricted to just viewing the file on their computer.
- Organization- or workgroup-wide certificates can be used, enabling the user to grant permission to a group of individual trusted contacts with one certificate.
The primary negative of certificate-based security is:
- Setting up certificates and trusted contact lists can take time. When there’s an urgent file to send and the clock is ticking, it might seem like time wasted. The fact is, however, that once it’s set up, there’s never a need to worry about passwords and the lack of control you have with your security. Without making the once-off effort, sharing secured files with more than one or two individual users is always going to be a painful process.
Choosing your method of PDF security
As you’ve probably worked out, each method of security has its benefits and neither is perfect for all situations. Password security suits more occasional use between a small number of users, while certificate security comes into its own when more formalised workflows and larger groups of users are involved.
The list below includes most common situations and circumstances users encounter when sharing secure PDF files. In each case, I suggest which security method I think is the better choice. Of course, you don’t have to use my suggestion – the one that works for you is always best! I do hope though that I’ve shed some light on how useful certificate-based security can be, particularly when there’s more people involved and the stakes are higher.
- You’re occasionally sharing secured files with a small number of people. (Use passwords)
- When sharing your files, you trust all recipients 100% not to misplace the password at any time in the future. (Use passwords)
- You need to share a PDF file urgently and haven’t set up all recipients with a digital certificate. (Use passwords)
- You share secured documents regularly with the same people, workgroups and teams. (Use certificates)
- When there is a greater importance on sharing only with approved users (certificate holders). (Use certificates)
- You need to sharing files with users who must have different usage rights. For example, you might allow internal recipients to print and change contents, whereas for external people you might like restrict usage to just viewing the PDF onscreen. (Use certificates)
- Your organization needs a more formalized and organized workflow or policy for exchanging secured files. (Use certificates)
