Another day at the office, even though it was a Bank Holiday. Most places shut down in the City of London at the weekends and Bank Holidays, with just a few eating places and small shops still open, and some offices where people work most of the days/hours of the week.
There are less people in the office, of course, but there was still enough work to keep me busy.
There was one rather peculiar request that was quite unusual and impossible for us to fulfil. One person sent some PDF files as attachments, saying he wanted them all to be combined into one PDF, and as some had passwords, could we remove the passwords and then combine the files?
So, now we are password crackers? Hacking a PDF to get past the secure password is not a service that we offer in the office, and nor should we. Quite possibly it would be illegal, and if not, still technically beyond our skills and those of anyone else in the organisation. Time to call in professional crackers to sort it out? Or just tell the requestor that we cannot do it. I hope the person understood.
So why are files password protected? In this case, the PDFs could be printed to normal printers, but not modified in any way nor printed to PDF (as printing to PDF would create a new PDF that did not have password protection). The passwords are there to protect intellectual property, so any attempt to get around that is not professional or ethical.
If you have a password-protected PDF and want to do things with it that the password prevents you from doing, consider that what you want to do is either illegal, immoral or you could just ask the people who created the PDF if they might consider giving you the password or else combine the required PDFs into one PDF for you.
Encryption of various kinds can be and has been broken, and when you create files or want to keep them protected, then encryption of some sort can be useful, especially if you choose strong encryption and good passwords. The longer the better, in general, and if you can choose from all the available types of characters to use that is better, e.g. at least one upper case letter, at least one lower case letter, at least one symbol; and if they say at least 10 characters make sure it is a lot more than 10 characters, and if they have a maximum length you can choose then go for it. And avoid sequences of letters or numbers, e.g. do not use abcdefg or 1234567.
Storing passwords that might otherwise be hard to remember can be facilitated by either writing them down in a secure book kept in a secret place, perhaps, or else using software that stores them in an encrypted format, where you only have to remember one master password. I like a program called KeePass, which runs on my Linux PC and Android smartphone, but there are other choices as well.
What do you think is a good way to choose and remember a password? If you have any comments, then please leave them below in the box, but note that all comments will be moderated (to stop spammers).
David King, MD, Avoura Ltd.