2026-05-17 · 8 min read
How to Remove a Password from a PDF (Legally)
Bank statements, payroll slips, broker confirmations, mobile-phone bills — banks and large institutions ship PDFs encrypted with a password by default, usually some predictable mash of your birthdate and account number. It’s a defensible default for them, and a daily annoyance for you. If you legitimately own a PDF and have its password, removing the password permanently takes about thirty seconds. Below are four methods that work, and a frank section on what to do (and not do) if you’ve forgotten the password.
Two kinds of password
PDFs support two distinct passwords, and knowing which one you’re fighting matters:
- User password (open password). Required to open the document at all. The file’s contents are encrypted; no password, no readable text.
- Owner password (permissions password). The document opens normally but printing, copy-paste, editing, or form-filling are blocked unless you supply this password. The contents are not encrypted; the restrictions are advisory and any compliant viewer is supposed to honour them.
For a deeper look at what each protects against, see our guide to PDF passwords and encryption. The short version: removing an owner password is trivial because the data isn’t encrypted; removing a user password requires you to know the password, after which you decrypt and re-save.
First — please confirm you have the right
Removing a password from a PDF you own is legal everywhere we know of. Removing it from a PDF you don’t own — even if you somehow have the password — may not be. The relevant law in most jurisdictions cares less about “could you crack it” and more about “did you have authority”. If the document belongs to your employer, ask. If it’s a third-party confidential file, don’t.
With that out of the way, here are the methods.
Method 1 — macOS Preview (Print to PDF)
The fastest method on a Mac, and the one most people land on accidentally:
- Open the PDF in Preview, enter the password.
- File → Export as PDF.
- In the export dialog, leave the Encrypt checkbox unticked. Save.
That’s it. Preview decrypts the file in memory and writes a new copy with no password. Works for any user password you know. For owner-password-only PDFs, Preview will simply ignore the restrictions on export.
Method 2 — Browser print (Chrome, Edge, Firefox)
Cross-platform variant of method 1. Open the PDF in the browser, type the password if asked, then File → Print → choose “Save as PDF” as the destination. Save.
The trade-off: print-to-PDF rasterises some content (form fields, annotations, hyperlinks may be flattened or lost). For a clean statement of plain text and tables this is fine; for a contract with embedded form fields you want to preserve, prefer method 3 or 4.
Method 3 — In-browser PDF tools (no upload)
Several open-source PDF tools run a WebAssembly build of qpdf directly in your browser. Drop in the encrypted PDF, type the password, click decrypt, download the unprotected copy. Nothing is uploaded; the decrypted file is built on your device.
This is the privacy-preserving choice for documents containing personal financial data — exactly the kind of file most people are trying to unlock. Be very wary of free hosted “PDF unlock” services that require an upload; you have no idea what they do with your bank statement after you click download.
Method 4 — Command line (qpdf)
For batch jobs — six months of bank statements at once — qpdf is the right tool. It’s free, available on every platform via package manager, and handles the full range of PDF encryption schemes.
For a single file:
qpdf --password=YOURPASS --decrypt input.pdf output.pdf
For a directory:
for f in *.pdf; do qpdf --password=YOURPASS --decrypt "$f" "unlocked_$f" done
Owner-password-only files unlock with no password at all:
qpdf --decrypt locked.pdf clean.pdf
Method comparison
| Method | Speed | Preserves structure | Privacy |
|---|---|---|---|
| Preview export | Fastest, single file | Good | Local |
| Browser print | Fast | Sometimes flattens | Local |
| In-browser tool | Fast | Excellent | Local (verify) |
| qpdf CLI | Fastest at scale | Excellent | Local |
Worked example: a year of bank statements
You’ve downloaded twelve monthly statements from your bank, each protected with a user password derived from the last four digits of your account and your date of birth. You want to feed them all to your accountant’s software, which can’t handle encrypted PDFs.
- Install qpdf:
brew install qpdfon Mac,apt install qpdfon Debian/Ubuntu, or grab the Windows binary from qpdf.sourceforge.io. cd ~/Downloads/statements- Run the loop above with your password. Twelve unlocked PDFs in under a second.
- Import to your accountant’s tool. Done.
What if you’ve forgotten the password?
Honest answer: probably nothing easy. PDFs since version 1.7 (Acrobat 9 and later) use AES-128 or AES-256 encryption keyed off your password. There is no backdoor. Brute-forcing AES-256 from a random password is computationally hopeless on consumer hardware.
That said, two things often work in practice:
- The password is predictable. Banks, telecoms, and payroll providers usually derive the password from your DOB, national ID, or a customer number. Search the email the document arrived with — the convention is usually stated explicitly in the covering text.
- Old PDFs (pre-2008) used 40-bit RC4. A consumer CPU can brute-force these in hours; tools like John the Ripper have a pdf2john helper. If you have a 15-year-old PDF you locked yourself, this is feasible. For modern files, no.
For a recent encrypted PDF you don’t have the password to, the realistic path is to ask the sender for a new copy. Banks will re-issue. Employers will re-send.
After unlocking: re-secure if needed
If you’re archiving the unlocked PDFs locally, fine. If you’re sending the unlocked file onward, consider whether downstream recipients should have the same access. You can re-encrypt with a different password, or put the file in a password-protected zip, or use a cloud share with link expiry. The original’s password was protecting against transit interception more than anything else; once it’s on your laptop, the threat model changes.
Common pitfalls
- Free online unlockers. Many retain uploaded files for “at least 24 hours” per their own privacy policies. A 2024 survey of the top ten found three indexed uploads in ways that occasionally surfaced in search. Don’t use these for financial PDFs.
- Copy-paste “unlocking”. Pasting the text into a Word doc loses tables, formatting, and any embedded form data. Use a real decryption tool.
- Confusing user and owner passwords. If you can open the PDF without typing anything but can’t print, you have an owner-password-only file. qpdf decrypts it without any password.
For more on what PDF encryption actually protects against, when to use it, and how to set strong passwords on your own documents, read our full guide to PDF security. The threat model matters more than the specific tool.