Password Protect Client PDFs Before Emailing (Banks, Courts, Clients)
A practical guide for advocates and CAs who email sensitive documents daily. AES-256 encryption applied on your device — the safest way to share PDFs over email.
Why Encrypt Before Emailing?
Email is inherently insecure. When you email a court filing, ITR acknowledgement, or settlement agreement to a client, the PDF travels in plaintext through multiple mail servers. If any server is compromised — or the email is forwarded to the wrong person — the client's data is exposed.
⚠️ Real Risk
In 2024, a CA firm in Bengaluru accidentally emailed a client's complete ITR + Form 26AS (containing PAN, Aadhaar, bank account numbers) to the wrong client with the same surname. The DPDP notification requirement was triggered. The firm is now facing a ₹10 lakh claim.
Password-protecting the PDF adds a critical safety layer: even if the email goes to the wrong person, the content is unreadable without the password (shared separately via phone/SMS).
When to Password-Protect Documents
Emailing ITR / Form 16 / 26AS to clients
Contains PAN, Aadhaar, bank details, income details
Sending settlement drafts to opposing counsel
Commercially sensitive terms; prevents forwarding to third parties
Sharing court filing PDFs with co-counsel
May contain client Aadhaar, witness details, financial data
Sending bank KYC documents
Aadhaar, PAN, photograph — the full identity theft kit
Emailing property documents for registration
Land records, sale deeds, stamp duty receipts with financial details
Sharing M&A due diligence reports
Revenue, IP, litigation details — the crown jewels of any deal
Step-by-Step: Password Protect a PDF
Step 1: Open the Protect Tool
Go to Protect PDF. Drop your document. It stays on your device — no upload.
Step 2: Set a Strong Password
Use a password that's strong but shareable verbally. Good pattern for legal practice:
Recommended format: [ClientInitials][CaseYear][4digits]
Examples: RSK20267749, MNT20268812
Share the password via phone call or SMS — never in the same email.
Step 3: Choose Encryption Level
EverydayPDF uses AES-256 encryption — the same standard used by the Indian military and global banking systems. This is not a "password wrapper" — the entire file content is encrypted and unreadable without the key.
Step 4: Download & Email
Download the encrypted PDF and attach it to your email. Send the password via a separate channel (phone call, SMS, or WhatsApp message).
The Two-Channel Rule
Never send the password in the same email as the encrypted PDF. This is the "two-channel rule" used in banking and legal practice worldwide:
Even if the email is intercepted, the attacker needs access to a completely separate communication channel to decrypt the file.
AES-256 vs. Other Encryption
| Method | Security | Used By |
|---|---|---|
| AES-256 (EverydayPDF) | Military-grade; would take billions of years to brute-force | Indian defence, global banking, US government |
| AES-128 | Strong; suitable for most use cases | Standard "password protect" in most PDF tools |
| RC4 40-bit | Weak; crackable in minutes | Old Adobe Reader versions — avoid |
| No encryption (plain PDF) | None — anyone can open | Most free PDF tools' default |
Protect your next client document in 5 seconds.
AES-256 encryption, applied on your device. Zero upload, works offline.