Managing Digital IDs Part 2

Specify the default digital ID

To avoid being prompted to select a digital ID each time you sign or certify a PDF, you can select a default digital ID.

  1. In Acrobat, select the hamburger menu (Windows) or Acrobat menu (macOS) and then choose Preferences > Signatures. In Identities & Trusted Certificates, select More.

  2. Select Digital IDs on the left, then select the digital ID you want to use as the default.

  3. Click the Usage Options button, and choose a task for which you want the digital ID to be the default. To specify the digital ID as the default for two tasks, select the Usage Options button again and select a second option.

    Select the options for which you want the digital ID as the default

    A check mark appears before selected options. If you select only the signing option, the Sign icon appears next to the digital ID. If you select only the encryption option, the Lock icon appears. If you select only the certifying option or the signing and certifying options, the Blue Ribbon icon appears.

    Note

    To clear a default digital ID, repeat these steps, and deselect the usage options you selected.

Change the password and timeout for a digital ID

Passwords and timeouts can be set for PKCS #12 IDs. If the PKCS #12 ID contains multiple IDs, configure the password and timeout at the file level.

Note

Self-signed digital IDs expire in five years. After the expiration date, you can use the ID to open, but not sign or encrypt, a document.

  1. In Acrobat, select the hamburger menu (Windows) or Acrobat menu (macOS) and then choose Preferences > Signatures. In Identities & Trusted Certificates, select More.

  2. Expand Digital IDs on the left, select Digital ID Files, and then select a digital ID on the right.

  3. Select Change Password. Type the old password and a new password. For each keystroke, the password strength meter evaluates your password and indicates the password strength using color patterns. Confirm the new password, and then select OK.

  4. With the ID still selected, select the Password Timeout button.

  5. Specify how often you want to be prompted for a password:

    Always: Prompts you each time you use the digital ID.

    After: Lets you specify an interval.

    Once Per Session: Prompts you once each time you open Acrobat.

    Never: You’re never prompted for a password.

  6. Type the password, and select OK.

Note

Be sure to back up your password in a secure place. If you lose your password, either create a new self-signed digital ID and delete the old one, or purchase one from a third-party provider.

Delete your digital ID

When you delete a digital ID in Acrobat, you delete the actual PKCS #12 file that contains both the private key and the certificate. Before you delete your digital ID, ensure that it isn’t in use by other programs or required by any documents for decrypting.

Note

You can delete only self-signed digital IDs that you created in Acrobat. A digital ID obtained from another provider cannot be deleted.

  1. In Acrobat, select the hamburger menu (Windows) or Acrobat menu (macOS) and then choose Preferences > Signatures. In Identities & Trusted Certificates, select More.

  2. Select Digital IDs on the left, and then select the digital ID to remove.

  3. Select Remove ID.

  4. Enter the password, and then select OK.

    Note

    If you have forgotten the password, you cannot delete the ID from here. When you click Remove ID, the Acrobat Security dialog box shows the complete location of the digital ID file. Go to the location, delete the file, and then relaunch Acrobat. The ID is removed from the list.

Protecting digital IDs

By protecting your digital IDs, you can prevent unauthorized use of your private keys for signing or decrypting confidential documents. Ensure that you have a procedure in place in the event your digital ID is lost or stolen.

How to protect your digital IDs

When private keys are stored on hardware tokens, smart cards, and other hardware devices that are password- or PIN-protected, use a strong password or PIN. Never divulge your password to others. If you must write down your password, store it in a secure location. Contact your system administrator for guidelines on choosing a strong password. Keep your password strong by following these rules:

  • Use eight or more characters.

  • Mix uppercase and lowercase letters with numbers and special characters.

  • Choose a password that is difficult to guess or hack, but that you can remember without having to write it down.

  • Do not use a correctly spelled word in any language, because such words are subject to “dictionary attacks” that can crack these passwords in minutes.

  • Change your password on a regular basis.

  • Contact your system administrator for guidelines on choosing a strong password.

To protect private keys stored in P12/PFX files, use a strong password and set your password timeout options appropriately. If you use a P12 file to store private keys for signing, use the default setting for the password timeout option. This setting ensures that your password is always required. If you use a P12 file to store private keys for decrypting documents, make a backup copy of your private key or P12 file. You can use the backed-up private key or P12 file to open encrypted documents if you lose your keys.

The mechanisms used to protect private keys stored in the Windows certificate store vary depending on the company that has provided the storage. Contact the provider to determine how to back up and protect these keys from unauthorized access. In general, use the strongest authentication mechanism available and create a strong password or PIN when possible.

What to do if a digital ID is lost or stolen

If your digital ID was issued by a certificate authority, immediately notify the certificate authority and request the revocation of your certificate. In addition, you should not use your private key.

If your digital ID was self-issued, destroy the private key and notify anyone to whom you sent the corresponding public key (certificate).
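The script below is an added example, not Adobe code. It opens a PKCS #12 digital ID file, reports whether it holds a private key, whether it has expired, and which of the two loss procedures above applies. It assumes the third-party Python `cryptography` package; the function names and the sample ID are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def inspect_digital_id(p12_bytes, password, now=None):
    """Report what a PKCS #12 digital ID holds and which loss procedure applies."""
    now = now or datetime.now(timezone.utc)  # must be timezone-aware
    # A wrong password raises ValueError here.
    key, cert, _chain = pkcs12.load_key_and_certificates(p12_bytes, password)
    if cert is None:
        raise ValueError("no end-entity certificate in PKCS #12 file")
    not_after = getattr(cert, "not_valid_after_utc", None)
    if not_after is None:  # older cryptography releases return naive UTC
        not_after = cert.not_valid_after.replace(tzinfo=timezone.utc)
    # Name comparison only; the signature itself is not verified.
    self_issued = cert.subject == cert.issuer
    return {
        "subject": cert.subject.rfc4514_string(),
        "has_private_key": key is not None,
        "self_issued": self_issued,
        "expired": now > not_after,
        "days_left": (not_after - now).days,
        "if_lost": ("destroy the private key and notify certificate recipients"
                    if self_issued else
                    "notify the certificate authority and request revocation"),
    }


def make_sample_id(password, years=5):
    """Constructed test input: a self-signed ID with a five-year lifetime."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Sample Signer")])
    start = datetime.now(timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + timedelta(days=365 * years))
            .sign(key, hashes.SHA256()))
    return pkcs12.serialize_key_and_certificates(
        b"sample", key, cert, None,
        serialization.BestAvailableEncryption(password))


if __name__ == "__main__":
    sample = make_sample_id(b"constructed-pass")
    for field, value in inspect_digital_id(sample, b"constructed-pass").items():
        print(f"{field}: {value}")
```
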

Smart cards and hardware tokens

A smart card looks like a credit card and stores your digital ID on an embedded microprocessor chip. Use the digital ID on a smart card to sign and decrypt documents on computers that can be connected to a smart card reader. Some smart card readers include a keypad for typing a personal identification number (PIN).

Similarly, a security hardware token is a small, keychain-sized device that you can use to store digital IDs and authentication data. You can access your digital ID by connecting the token to a USB port on your computer or mobile device.

If you store your digital ID on a smart card or hardware token, connect it to your device to use it for signing documents.
