Document Passcodes and Security Protection

Protect sensitive documents with passcode security in BreezeDoc. This guide covers adding passcodes to documents, how recipients access protected documents, security features, and best practices for secure document sharing.

Prerequisites

  • Account: Active BreezeDoc account (all plans support passcodes)
  • Plan: Available on Free, Pro, and Agency plans
  • Document: Document ready to send with recipients configured
  • Communication Method: Secure way to share passcode with recipients (phone, secure messaging, etc.)

What are Document Passcodes?

Document passcodes add an extra layer of security to your documents by requiring recipients to enter a password before viewing or signing. This feature:

  • Protects Sensitive Information – Ensures only authorized recipients can access documents
  • Verifies Recipient Identity – Confirms the person accessing the document is the intended recipient
  • Prevents Unauthorized Access – Protects against email forwarding or link sharing
  • Adds Security Layer – Combines with email delivery for two-factor protection
  • Complies with Security Requirements – Meets internal security policies for sensitive documents
  • Session-Based – Passcode entered once per session, not required for every page

Plan Availability

Document passcodes are available on all BreezeDoc plans:

  • Free Plan: ✅ Passcodes available
  • Pro Plan ($19/month): ✅ Passcodes available
  • Agency Plan ($49/month): ✅ Passcodes available

Note: Unlike some advanced features, passcodes do not require a paid plan upgrade.

Adding a Passcode to a Document

Step-by-Step Instructions

  1. Create or edit a document in BreezeDoc.
  2. Navigate to the Recipients section in the document editor.
  3. For the recipient you want to protect, look for the Require passcode to view checkbox.
  4. Check the Require passcode to view checkbox.
  5. A passcode input field appears below the checkbox.
  6. Enter your chosen passcode in the field (e.g., "AlphaDelta25").
    • 💡 Pro Tip: Click the eye icon next to the passcode field to show/hide your passcode as you type. This helps verify you entered the correct passcode, especially for complex passwords.
  7. You'll see help text: "The recipient will need to enter this passcode before they can access the document. You'll need to communicate this passcode to them directly."
  8. Configure the rest of your document (fields, message, etc.).
  9. Click Send to send the document.
  10. Important: Separately communicate the passcode to the recipient via phone, secure messaging, or another secure channel (NOT in the email).

Per-Recipient Passcodes

Each recipient can have their own unique passcode:

  • Multiple Recipients: Enable passcodes for some or all recipients
  • Different Passcodes: Use different passcodes for different recipients
  • Optional Protection: Some recipients can have passcodes while others don't
  • Security Flexibility: Protect only the most sensitive recipients

How Recipients Access Passcode-Protected Documents

Recipient Access Flow

  1. Recipient receives the document notification email.
  2. Recipient clicks the Sign Document or View Document link in the email.
  3. Instead of going directly to the document, recipient sees a passcode entry screen.
  4. Screen shows:
    • "Document Access Required" heading
    • "This document is protected with a passcode" message
    • Passcode input field
    • "Enter the passcode provided by the document sender" help text
  5. Recipient enters the passcode you provided separately.
  6. Recipient clicks Continue to Document.
  7. If passcode is correct, recipient proceeds to view and sign the document.
  8. If passcode is incorrect, error message shown and recipient can try again.

Session-Based Verification

Once a recipient enters the correct passcode:

  • Valid for Session: Passcode is remembered for the browser session
  • No Re-Entry: Recipient doesn't need to re-enter passcode when navigating pages
  • Multiple Visits: Passcode may need to be re-entered after closing browser or clearing cookies
  • Security Balance: Provides security without excessive friction

Security Features and Protections

Failed Attempt Tracking

BreezeDoc tracks failed passcode attempts to prevent brute-force attacks:

  • Attempt Counter: System tracks incorrect passcode entries
  • 5 Attempts Maximum: Recipients get 5 attempts before lockout
  • Warning Messages: After first failed attempt, warning shows: "X attempts remaining before temporary lockout"
  • Progressive Warnings: Warning becomes more prominent as attempts decrease

Temporary Lockout

After 5 failed passcode attempts:

  1. Recipient is temporarily locked out from accessing the document.
  2. Lockout screen displays:
    • "Access Temporarily Locked" message
    • Shield/lock icon
    • "Too many incorrect attempts" explanation
    • Time remaining until unlock (e.g., "Please try again in 30 minutes")
  3. Recipient must wait for the lockout period to expire.
  4. After lockout expires, recipient can try again with 5 new attempts.

Passcode NOT Sent via Email

Critical Security Practice:

  • Never include passcode in document email
  • Don't email passcode separately to the same email address
  • Communicate passcode via separate secure channel (phone call, SMS, secure messaging app)
  • Verify recipient identity before sharing passcode

Why? If both the document link and passcode are in the same email, anyone who accesses the email can access the document. Using a separate communication channel ensures true two-factor security.

When to Use Document Passcodes

  • Financial Documents: Loan agreements, financial disclosures, tax documents
  • Medical Records: HIPAA-protected health information, treatment consents
  • Legal Agreements: Confidential contracts, settlement agreements, NDAs
  • HR Documents: Employment contracts, termination agreements, salary information
  • Sensitive Personal Data: Documents containing SSN, bank account numbers, or other PII
  • High-Value Transactions: Real estate contracts, investment agreements, M&A documents
  • Compliance Requirements: When internal policies mandate additional security

When Passcodes May Not Be Needed

  • Standard business agreements with non-sensitive information
  • Documents already sent through other secure channels
  • Internal documents within trusted teams
  • Public or marketing materials

Passcode Best Practices

Creating Strong Passcodes

  • Length: Use at least 8-12 characters
  • Complexity: Mix uppercase, lowercase, numbers (e.g., "Delta42Bravo")
  • Avoid Personal Info: Don't use birthdates, names, or easily guessable information
  • Unique Passcodes: Use different passcodes for different documents or recipients
  • Random Generation: Consider using a password generator for maximum security
  • Easy to Communicate: Balance security with ease of verbal communication (avoid ambiguous characters)

Securely Sharing Passcodes

  • Phone Call: Best for high-security documents – verify recipient identity first
  • SMS/Text Message: Acceptable for moderate security, sent to verified phone number
  • Secure Messaging Apps: Signal, WhatsApp, or other encrypted messaging
  • In-Person: Ideal when possible for highly sensitive documents
  • Separate Email Account: Only if recipient has a separate verified email (e.g., personal vs. work)
  • Video Call: Combine identity verification with passcode sharing

Managing and Documenting Passcodes

  • Keep a secure record of passcodes used (password manager, encrypted document)
  • Note which passcode was used for which recipient and document
  • Don't store passcodes in plain text email or unencrypted files
  • Have a process for recipients who lose or forget passcodes
  • Consider creating passcode naming conventions for your team

Troubleshooting

Issue: Recipient says they never received the passcode
Fix: Verify you communicated the passcode via the agreed-upon channel (phone, SMS, etc.). Check that you shared the correct passcode for this specific document/recipient. Resend the passcode via the same secure channel. If recipient still can't access, consider resending the document without a passcode and using a different security method.

Issue: Recipient entered correct passcode but still gets error
Fix: Verify the passcode is case-sensitive and entered exactly as provided (check for extra spaces). Ensure recipient hasn't been temporarily locked out from too many failed attempts. Ask recipient to try copying and pasting the passcode instead of typing. Clear browser cookies and cache, then try again. If issue persists, re-send the document with a new passcode.

Issue: Recipient is locked out after failed attempts
Fix: Recipient must wait for the temporary lockout period to expire (displayed on the lockout screen). Verify the correct passcode and share it again via secure channel. Once lockout expires, recipient can try again with the correct passcode. If urgent, resend the document to create a new access link (this bypasses the lockout on the old link).

Issue: Cannot find passcode checkbox in document editor
Fix: Ensure you're in the document editor with recipients added. Scroll to the Recipients section. The "Require passcode to view" checkbox appears below each recipient's email/name. Verify you're using a recent version of BreezeDoc (older versions may not have this feature). Try refreshing the page or using a different browser.

Issue: Recipient asks to remove passcode from already-sent document
Fix: Unfortunately, passcodes cannot be removed from documents that have already been sent. You can resend the document without the passcode requirement. Alternatively, if the recipient has the correct passcode, they can enter it and proceed normally (passcode is remembered for the session).

Issue: Want to change passcode after sending document
Fix: Passcodes cannot be changed after a document is sent. If you need a different passcode, you must resend the document with a new passcode. Recipients who already accessed the document with the old passcode will need to use the new passcode if their session expires.

FAQ

Q: Are passcodes available on all BreezeDoc plans?
A: Yes! Document passcodes are available on Free, Pro, and Agency plans at no additional cost. This security feature is included for all BreezeDoc users.

Q: How long is the lockout period after failed attempts?
A: The exact lockout duration varies but is typically 15-30 minutes. The lockout screen shows the exact time remaining (e.g., "Please try again in 23 minutes").

Q: Can I use the same passcode for multiple documents?
A: Yes, you can use the same passcode for multiple documents, but for better security, we recommend using unique passcodes for each sensitive document or recipient.

Q: Do recipients need to enter the passcode every time they view the document?
A: No. Once the passcode is correctly entered, it's remembered for the browser session. Recipients only need to re-enter the passcode if they close their browser, clear cookies, or access the document from a different device.

Q: What happens if a recipient forgets the passcode?
A: Contact the document sender (you) to receive the passcode again via a secure channel. The sender should verify your identity before resharing the passcode. There is no "forgot passcode" recovery feature for security reasons.

Q: Can I see if a recipient entered the wrong passcode?
A: No, for security and privacy reasons, BreezeDoc does not provide analytics on failed passcode attempts. This prevents attackers from identifying which documents have passcode protection.


Need more help? Contact our support team – we are here to help!

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles