How should I deliver the password to the recipient?

Through any channel that is not the one carrying the file. Email the attachment, then send the password by text message, messenger, or a phone call — if either channel leaks, the document stays sealed. Say how to type it, for example all lowercase with hyphens between words, to prevent failed attempts, and avoid characters that get misread when written down, like capital I and lowercase l. A password in the same email as the file is decoration, not protection.

What happens if the recipient forgets the password?

The file stays locked — that is the point of real encryption, and there is no recovery backdoor. Plan for it instead: keep your unprotected original filed properly, so you can re-send a freshly locked copy with a new passphrase at any time. For documents a client may reopen months later, note the password in your own password manager per project; neither of you will remember a phone call from last quarter.

Is a PDF password enough for highly sensitive material?

For the wide middle of real documents — contracts, statements, HR paperwork — a locally applied password with a decent passphrase is proportionate and effective. It is the wrong tool when a regulation prescribes specific handling, when you must prove who opened the file and when, or when part of the content must be hidden from the recipient — those call for compliance platforms, audit trails, and redaction respectively. Match the mechanism to the actual requirement, not to a general sense of caution.

Put a password on a PDF before sending it

The strange habit around PDF passwords is the order of operations: to protect a sensitive file, most people first upload it — unprotected — to a website they found seconds ago. The protection step becomes the most exposed moment in the document's life. PDFTasker inverts that: the encryption runs in your browser, so the file is locked before it travels anywhere, and the password never leaves your machine either. What you get is real encryption, not a polite request — without the password, the document body is unreadable in any standard viewer. Be precise about what that buys: a password protects the file at rest and in transit (a forwarded email, a lost laptop, an old backup), but it does not control what an authorized recipient does after opening, and it is only as strong as the passphrase you choose. Three or four unrelated lowercase words beat a short clever string — easier to read over the phone, harder to brute-force. Two habits complete the job: send the password through a different channel than the file, and clean the document's metadata with sanitize before locking, because encryption seals the file exactly as it is — hidden traces included.

How-to guides

Step-by-step guides

01
Finish the document first
Protection is the last step. If the file is sensitive, clean its metadata with sanitize before you lock it.
02
Load the PDF
Open the protect tool and add the file. It is read into browser memory — the file and the password never transmit.
03
Set the passphrase
Use a few unrelated lowercase words. You will deliver it by phone or message, so make it easy to say and type.
04
Export and test
Download the locked copy and open it yourself with the password once before sending. Your original stays unprotected on your device.

Frequently asked questions

How should I deliver the password to the recipient?: Through any channel that is not the one carrying the file. Email the attachment, then send the password by text message, messenger, or a phone call — if either channel leaks, the document stays sealed. Say how to type it, for example all lowercase with hyphens between words, to prevent failed attempts, and avoid characters that get misread when written down, like capital I and lowercase l. A password in the same email as the file is decoration, not protection.
What happens if the recipient forgets the password?: The file stays locked — that is the point of real encryption, and there is no recovery backdoor. Plan for it instead: keep your unprotected original filed properly, so you can re-send a freshly locked copy with a new passphrase at any time. For documents a client may reopen months later, note the password in your own password manager per project; neither of you will remember a phone call from last quarter.
Is a PDF password enough for highly sensitive material?: For the wide middle of real documents — contracts, statements, HR paperwork — a locally applied password with a decent passphrase is proportionate and effective. It is the wrong tool when a regulation prescribes specific handling, when you must prove who opened the file and when, or when part of the content must be hidden from the recipient — those call for compliance platforms, audit trails, and redaction respectively. Match the mechanism to the actual requirement, not to a general sense of caution.