Lock a PDF with a password so only the right people can open it. Filoraio encrypts your file with AES-256 — the modern standard used by banks and governments — and optionally blocks printing, copying, or editing. Everything happens inside your browser tab.
Filoraio runs the merge directly inside your browser using a small WebAssembly engine. Nothing is uploaded, nothing is queued, and you can verify it yourself — open your browser’s DevTools, switch to the Network tab, and watch it stay quiet.
They’re read into your browser’s memory through a standard file picker.
The merge runs locally — no request leaves your device while it processes.
The combined PDF lands in your downloads folder, the same way any other download would.
No upload bar, no progress spinner waiting on a server. Works offline once the page is loaded.
The encryption itself takes under a second for most files. The bottleneck is choosing a password you'll remember without writing it on the file's own metadata.
Drag the file onto the drop zone or click to pick one. A thumbnail of the first page appears so you can confirm you're encrypting the right document, and the page count loads from your device without uploading anything.
Type the password people will need to open the file, then confirm it. The strength meter tells you whether the password is weak, fair, or strong — long random phrases beat short clever ones. The password is never sent anywhere; it's only used as input to the encryption algorithm running in your tab.
Tick "Also restrict what people can do" to add permission limits on top of the password — block printing, text copying, editing, or annotations individually. The flags are written into the PDF's permission dictionary and honored by every mainstream reader (Adobe Acrobat, Preview, Chrome, Firefox, WPS Office). The same password you typed above opens the file in all of them.
Click Protect PDF to encrypt the file with AES-256, then download the protected copy. Save the password somewhere safe (a password manager works well) before you close the tab — PDF encryption derives the decryption key from the password, so without the password there is no way for anyone, including Filoraio, to recover the contents.
Anyone whose document is one accidental forward away from a real-world problem. Encryption keeps the file useful for the right person while making it useless to everyone else.
Sending a draft contract, settlement agreement, or privileged memo to a client over email. Password protection keeps the contents readable only by the intended recipient even if the email is forwarded, intercepted, or accidentally CC'd to the wrong address.
Sharing medical records, lab results, or insurance forms via email or messaging. Encrypting the PDF gives you a sanity-check layer that aligns with HIPAA-style "reasonable safeguards" guidance — the recipient enters a password they were told separately to open the file.
Sending tax returns, financial statements, payslips, or board reports outside the company. Passwords prevent casual leaks (forwarded emails, shared screens) and force a deliberate authentication step before sensitive numbers become visible.
Distributing offer letters, performance reviews, severance terms, or compensation documents. Each recipient gets their own copy with their own password — even if files end up on the wrong machine, the contents stay locked.
Locking a will, an estate-plan PDF, a passport scan, or a copy of an ID before storing it in cloud sync (Drive, iCloud, Dropbox). Even if the cloud account is compromised, the file's contents stay encrypted at rest.
Sharing draft research or sensitive reporting with collaborators before publication. Password protection adds friction for accidental leaks and acts as a clear signal that the document isn't intended for public circulation yet.
Four common reasons a PDF should not be sent in the clear — and how the protect workflow handles each.
You're sending a 12-page contract draft for review. The email server logs everything and forwarding is one click away. Drop the PDF, set a password, send the password through a different channel (text message, phone call), and email the encrypted file. If the email leaks, the contents don't.
Your broker needs your last three payslips to verify income. Each one has your salary, your bank account number, and your employer's address. Drop each PDF, set the same shared password, attach all three to the email, and SMS the password separately. The broker enters the password once and reads everything.
Your quarterly board pack contains forward-looking financial guidance you don't want printed and left on a coffee shop table. Set a password to open the file, tick "Block printing", and send the protected copy. Board members can read on screen; the print menu greys out.
You want your estate plan accessible to a family member if needed, but you also sync your Documents folder to a cloud service. Encrypt the file locally before it syncs — even if the cloud account is breached or shared by mistake, the contents stay locked.
Four habits that turn "I encrypted it" into "the file is actually safe and still usable a year from now".
The single most common mistake is sending the password in the same email as the encrypted file. That's equivalent to taping the key to the lock. Use a separate channel (text, phone call, password manager share, secure messenger) — and store your own copy of the password in 1Password, Bitwarden, Apple Keychain, or any tool that backs up.
Three random words ("correct-horse-battery-staple" style) are stronger and easier to remember than "P@ssw0rd!". Modern password crackers chew through 8-character passwords in hours; 16+ character passphrases take longer than the heat death of the universe at current hardware speeds. The strength meter rewards length more heavily than special characters for this reason.
The PDF spec's permission flags (print, copy, edit) are respected by Adobe Reader, Preview, and most desktop readers. They're trivially bypassed by anyone determined — many open-source tools (including our own Unlock PDF) can strip them with a re-save. Use restrictions to communicate intent ("please don't print this"), and use the user password to enforce confidentiality.
Some older PDF readers (Adobe Reader 8 or earlier, some embedded enterprise viewers) don't support AES-256. If your recipient's environment is one you're not sure about, choose RC4 from the Advanced section — it's less secure but compatible with virtually every reader ever made. For modern Mac, Windows, mobile, and web viewers, AES-256 is the right default.
Side by side with the average online PDF password tool — including the ones with millions of monthly users.
| Feature | Filoraio | Typical online PDF tools |
|---|---|---|
| Where files are processed | On your device — never uploaded | Uploaded to servers for processing |
| Where your password is handled | Stays in your browser tab | Submitted to servers along with the file |
| Default encryption algorithm | AES-256 (PDF 2.0 standard) | Often RC4 by default on free tier |
| Granular permission restrictions | Yes — toggle each action individually | Often all-or-nothing, or premium-gated |
| Watermark on output | None | Often added on free tier |
| Account required | No | Often required for >5 MB |
| File size limit | None — bounded by device RAM | Usually 25-50 MB on free tier |
Quick answers to the things people ask most often before using this tool.
It encrypts the file's contents with a password, so anyone trying to open it has to supply that password first. With AES-256 — the default — the page content, text, images, and metadata are mathematically unreadable without the key derived from your password. Optionally, you can also add permission restrictions (block printing, copying, editing) that apply once the file is open. The encryption is the security boundary; the restrictions are a layer on top.
Yes — completely free, no signup, no email collection, no daily quota. Encrypt as many PDFs as you need, of any size your device can hold in memory, with no watermark and no premium tier. The page is supported by occasional unobtrusive ads, not by charging for the actual functionality or selling your files.
No, never. The encryption runs entirely inside your browser tab — your PDF is read into memory, the password is fed into the AES key derivation function, and the encrypted output is written to a downloadable blob. There is no upload, no server round-trip, no cookie touching the file. You can verify this by opening your browser's DevTools → Network tab before dropping a PDF: you'll see zero network requests during encryption.
The file becomes permanently unreadable. PDF encryption derives its key from the password — there is no master key, no backdoor, no "reset link". Filoraio doesn't store the password (it never received it in the first place), and no legitimate tool — not Adobe, not iLovePDF, not anything else — can recover the contents without the original password. This is by design and is exactly what makes the encryption useful. Save the password in a password manager before you close this tab.
Strong enough that an attacker who guessed once per millisecond would still be guessing in a year. In practice that means at least 12 characters, with some mix of cases, numbers, or symbols. A passphrase of three or four random words ("trumpet-orange-fence-glide") is easier to remember than a short password full of substitutions and usually stronger. Avoid anything related to the file ("contract2026", names, dates). The strength meter in the form is a rough nudge, not a guarantee — long beats clever almost every time.
The password is the lock — without it, nobody can open the file at all. The restrictions are rules that apply after the file is open: block printing, text copying, content editing, or annotations. Two separate mechanisms in the PDF spec. Filoraio encodes both in a single protected file using one password, so you only have to remember the one you typed. Well-behaved readers (Adobe Acrobat, Apple Preview, Chrome, Firefox, WPS Office, every mainstream mobile reader) prompt for the password to open the file and then enforce the restrictions you chose — Print is greyed out, Copy fails, and so on.
AES-256 unless you have a specific reason not to. AES-256 (PDF 2.0 standard, ISO 32000-2) is supported by every PDF reader from roughly 2017 onwards — Adobe Reader 11+, Preview on every Mac, every browser's built-in viewer, every mainstream mobile reader. RC4 (PDF 1.4, ISO 32000-1) is the older legacy algorithm — weaker cryptographically but accepted by basically every PDF reader ever made, including very old enterprise viewers. Use RC4 only when you know the recipient's reader is too old for AES.
Yes — AES-256 protected PDFs open in Apple Preview, the iOS and Android Files apps, Adobe Acrobat Reader on every desktop platform, Chrome/Edge/Firefox/Safari's built-in viewers, Google Drive's preview, and basically every modern PDF reader. The recipient is prompted for the password on first open, just as they would be for a bank-issued statement. RC4 has even broader compatibility if you specifically need to support a reader from before 2017.
Honestly: yes by well-behaved readers, no by determined attackers. Adobe Reader, Apple Preview, and every mainstream consumer PDF viewer respect the permission flags — "print" will grey out, "copy" will fail. But the flags themselves are part of the file metadata, not enforced cryptographically. Anyone with the user password can use various open-source tools (including our own Unlock PDF) to strip the restrictions and produce an unrestricted copy. Treat restrictions as "please don't" rather than "you can't". The user password is the real security boundary.
Yes — encryption wraps the existing page content; it doesn't touch text, fonts, images, layout, or page count. The recipient sees the same document they would have seen if you'd sent it unencrypted, after they enter the password. Filoraio doesn't downsize, re-compress, or reflow anything during encryption.
Imperceptibly. Once a reader has the password, decryption happens as the file streams in — modern devices process AES-256 at hundreds of MB per second, faster than the disk read itself for typical document-sized PDFs. The only user-visible difference is the password prompt at the start. Page-flipping, search, and annotation performance are unchanged.
Not directly — Filoraio detects already-encrypted inputs and refuses, because layering two passwords on the same file produces a document most readers can't open cleanly. To change the password on an existing protected PDF, unlock it first using our Unlock PDF tool (you'll need the current password), then bring the unlocked copy back here and protect it with the new password.
Encrypting your own copy of a file you legitimately received is fine — it's analogous to keeping a printed copy in a locked drawer. What you can't do is *redistribute* a protected version in a way that misrepresents the source, removes attribution, or violates the original sharing agreement. If a file came with a sharing license or NDA, the encryption layer doesn't override those terms — it adds to them. When in doubt, ask the original sender.
Not in a single batch — this version of the tool encrypts one PDF at a time. To protect several, drop them in sequence; each one is an independent encryption with its own download. You can reuse the same password across files (common for distributing related documents to one recipient) or pick a different one each time. The clear-and-restart button at the bottom of the page makes it a two-click cycle per file.
Tools picked because they pair naturally with the one above — the next step in a typical PDF workflow.