PDF Password Lost: How to Recover Access to an Encrypted PDF

Losing the password to a PDF you own is common and recoverable in many cases, but the recoverability depends entirely on when the PDF was encrypted and how strong the password was. This guide assumes the file is yours, or that you have authorization to recover it — a forgotten work document, your own tax return, a password you set years ago on a personal file. The tools named here are not a path into other people’s documents, and the realistic limitations below apply equally to anyone claiming otherwise.

The short version: PDFs from the early 2000s often give up their passwords in seconds. PDFs from the last ten years protected with a non-trivial password usually don’t, regardless of tool, budget, or time. The single most effective step is not a technical one — it’s finding the password you already have somewhere you haven’t looked yet.

Quick fix

1. Check every plausible place you might have saved the password. Password managers (1Password, LastPass, Bitwarden, browser-saved passwords), your email archive (search for the file name — the password was often sent separately), notes apps, sticky notes, phone notes, a Word doc called “passwords.” Most “lost” passwords aren’t actually lost.

2. Ask whoever sent you the file. Passwords are commonly shared out-of-band from the file itself. If the PDF came from a bank, law firm, accountant, HR system, or any service, the sender can resend the password or often resend the file unencrypted via a different secure channel.

3. Identify how the file is encrypted. Run:

   qpdf --show-encryption input.pdf

   This reports the encryption algorithm and key length. The output determines whether recovery is feasible: 40-bit encryption is weak and attackable; 128-bit RC4 is attackable for weak passwords; 128-bit and 256-bit AES with a non-trivial password are effectively unbreakable. Read the “Why this matters” section below before spending time on tools.

If that didn’t work

If you know the password, use qpdf to remove it

If the issue turns out to be “I found the password but the file still won’t open” rather than true password loss, that’s a different problem — the encryption dictionary may be damaged. See the separate guide to password-protected PDFs that won’t accept a valid password. For the normal case where the password is known:

qpdf --password=your-password --decrypt input.pdf output.pdf

This produces an unencrypted copy. Complete documentation in the complete guide to qpdf.

If the file uses 40-bit encryption

40-bit encryption was the PDF 1.1 through 1.3 default (1996–2001) and is cryptographically broken. Any password can be recovered regardless of strength. The open-source tool pdfcrack is the standard option:

pdfcrack -f input.pdf

For a short password this typically completes in minutes to hours on modern hardware. pdfcrack attacks the user password directly; if the file has both user and owner passwords, the owner password sometimes falls first and is equally sufficient for decryption.

Files with 40-bit encryption are now rare because readers have flagged it as weak for many years, and modern PDF-generating tools default to AES. If qpdf --show-encryption reports 40-bit, the file is likely pre-2005 and recovery is straightforward.

If the file uses 128-bit RC4 or AES and you remember part of the password

Modern 128-bit and 256-bit AES encryption cannot be brute-forced at any realistic password length. But if you remember part of the password — the rough length, the first few characters, the structure (a common word plus numbers), or a short list of likely candidates — a targeted dictionary attack has a real chance. The standard workflow uses John the Ripper:

pdf2john input.pdf > hash.txt
john hash.txt --wordlist=your-candidates.txt

your-candidates.txt is a file you create containing one candidate password per line. The more you can narrow the candidate list based on what you remember, the shorter the attack takes. For a list of a few thousand plausible variants, results come in seconds to minutes. For a generic wordlist of ten million common passwords, it may take hours. For true brute force against an unknown password longer than 8–10 characters, modern encryption defeats consumer hardware.

If the file uses 256-bit AES with a strong password

Stop. The math is firmly against recovery:

• AES-256 itself is not breakable by any current technique.
• The PDF 2.0 password hashing is deliberately slow (large iteration count designed to resist brute force).
• A strong password (12+ characters, mixed case/numbers/symbols, not from a common wordlist) against this scheme requires compute that doesn’t exist at consumer or business scale.

Commercial services claiming to decrypt any PDF fall into two categories. The honest ones use the same dictionary and pattern-based attacks described above and succeed on the same weak passwords — paying them rarely produces results the user couldn’t have achieved with free tools. The dishonest ones charge a fee to produce nothing, or charge a fee to return a “recovered” file that’s actually a re-creation from whatever visible content they could scrape.

If you genuinely cannot find the password and the file is genuinely protected with strong AES-256, the practical options are:

• Contact the sender or source. Regeneration is almost always faster than cracking.
• Reconstruct the content from another source. If the PDF is a bank statement, the bank has the data. If it’s a tax document, your accountant or the tax authority has the data.
• Accept the loss. For personal archives where the content can’t be regenerated, the file is effectively gone.

This is an uncomfortable answer, but it’s the truthful one.

Advanced recovery

For legacy files where the encryption is genuinely weak (40-bit, or 128-bit RC4 with a known-weak password source), pdfcrack with a custom character set and length range can brute-force where a dictionary has failed:

pdfcrack -f input.pdf -c 'abcdefghijklmnopqrstuvwxyz0123456789' -n 4 -m 8

This attacks passwords of 4 to 8 characters using lowercase letters and digits. Every added character class (uppercase, symbols) multiplies the search space; every added length roughly multiplies it by the character set size. Realistic attacks on 40-bit PDFs can search into the 8–10 character range in reasonable time on a modern machine; on 128-bit RC4, this drops closer to 6–7 characters for a run that completes in days.

For older corporate PDFs where the password followed a known organizational pattern (first name plus date, employee ID plus two digits, and so on), constructing a rule-based attack with John the Ripper’s rules engine often succeeds quickly because the search space is small.

Why this matters

PDF encryption has four generations that differ dramatically in recoverability. Knowing which one you’re dealing with — qpdf --show-encryption tells you immediately — is the difference between a five-minute job and an impossible one.

40-bit RC4 (PDF 1.1–1.3, roughly 1996–2001). The key space is small enough that every possible key can be tried on modern hardware. Password strength is irrelevant; the key itself falls. Recoverable in all cases.

128-bit RC4 (PDF 1.4–1.5, roughly 2001–2005). The cipher is significantly weakened by design choices in the PDF standard, but the key space is still too large for brute force. Password strength matters: weak passwords fall to dictionary attacks, strong passwords do not.

128-bit AES (PDF 1.6–1.7, roughly 2005–2017). AES is mathematically sound. Only password attacks work. Weak passwords fall; strong passwords don’t.

256-bit AES (PDF 2.0, roughly 2017 onwards). AES-256 with the PDF 2.0 password hashing is the current state of the art. Only password attacks work, and the hashing is designed to make dictionary attacks slow. Only genuinely weak passwords are recoverable.

The practical implication: if your “lost” PDF was created in the last several years with a password you chose for security rather than convenience, recovery is not a technical problem to be solved with better tools. The file is effectively inaccessible without the password, which is the point of the encryption.

Also worth saying plainly: any tool that promises to “recover any PDF password in minutes” is either targeting only the 40-bit case (honest about what it does) or overstating its capability. There is no magic that bypasses strong cryptography, and any service or software claiming otherwise is misleading customers.

Preventing this in future

Save PDF passwords in a password manager at the moment you set them. 1Password, Bitwarden, and similar tools handle this natively. The marginal friction of saving the password is negligible compared to the risk of losing access to an encrypted document.

Prefer access control over document encryption where possible. For a document that should only be accessible to certain people, storing it in a controlled location (a team drive with explicit permissions, a secure portal) is more recoverable than a standalone encrypted PDF. Access can be regranted; lost passwords cannot always be recovered.

Keep an unencrypted backup of documents you create in a location you control. If you encrypt a PDF to share it, keep the source document or an unencrypted copy somewhere safe. This is not a workaround for other people’s encrypted files, but it removes your own files from the “permanently lost” category entirely.

For legacy archives, migrate off weak encryption while you can. If you have 40-bit or old 128-bit RC4 PDFs you still need, decrypt them now (you likely still have the passwords) and re-encrypt with AES-256 and a password stored properly. Old weak encryption is not protecting the files from anyone determined to read them, and is protecting them from you if you lose the password.

Related issues

If you have the password and the file still won’t open, the problem is structural damage to the encryption dictionary rather than a lost password — see the broader guide to PDFs that won’t open for the diagnostic sequence, then apply qpdf --linearize with the password supplied. For the full explanation of PDF encryption and the underlying format, see the PDF repair complete guide.

Last verified: April 2026