How to Password-Protect a PDF Before Emailing It
Email isn't encrypted end-to-end. If you're sending a tax return, a contract, or a confidential report, password-protecting the PDF first is the standard practice for sensitive deliverables.
The problem
You're a CPA emailing a finished tax return to a client. The IRS has guidance on protecting taxpayer data in transit. You need a password on the PDF — communicated separately by phone or text.
Use the tool now
Open the encrypt pdf tool and follow the steps below.
Step-by-step
- 1
Open the Encrypt PDF tool
Drop your finished PDF in.
- 2
Pick a strong password
For client-deliverables, common pattern: client's last 4 SSN + birth year (e.g., 12341990). Easy to communicate, hard to guess for outsiders.
- 3
Set permission restrictions
Optionally restrict print/copy/edit. For viewing-only deliverables, restrict edit. For copying receipts, allow copy.
- 4
Encrypt and download
AES-256 encryption applied. PDF requires the password to open.
- 5
Communicate the password separately
Phone, text, or even a separate email. Never include the password in the same email as the encrypted PDF — defeats the purpose.
Pro tips
- •Best practice: PDF password by email, password phrase by phone. Two channels.
- •For batches of clients, use a unique password per client (not "Tax2025" for everyone).
- •After the client opens the PDF, they can save an unprotected copy if needed. The protection is in transit, not in client storage.
- •For higher-stakes work (M&A documents, attorney-client privileged), consider purpose-built secure delivery (Citrix ShareFile, Adobe Sign) over PDF encryption.
Frequently asked questions
How strong is AES-256?
AES-256 is the same encryption used by US government for classified data. With a strong password, it's effectively unbreakable.
What's a "strong" password?
12+ characters with mixed cases, numbers, and symbols is ideal. For client work, last-4-SSN + birth year is acceptable common practice.
Can I batch-encrypt 50 client returns?
PDFShed processes one at a time. For batch encryption with per-file passwords, batch operations are roadmapped.
What if the client forgets the password?
You re-generate from your records (since you set it). PDFShed cannot recover passwords — they're cryptographically random by design.