How to Password Protect a ZIP File (Windows, Mac, Online)
How to password protect a ZIP file with 7-Zip on Windows, the zip -e command on Mac, or online. Plus ZIP password limits and a safer way to share.

To password protect a ZIP file, use 7-Zip on Windows (right-click, 7-Zip, Add to archive, set a password with AES-256) or the Terminal command zip -er archive.zip folder on Mac. Both encrypt the file so it cannot open without the password. Online tools work too, but never upload sensitive documents to them.
How do you password protect a ZIP file?
The fastest reliable method is a free archiver: 7-Zip on Windows or the built-in zip command on Mac. Pick AES-256 encryption, set a strong password, and send the password through a different channel than the file itself.
Windows File Explorer cannot password protect a ZIP on its own. The old "Encrypt contents" checkbox in the legacy compressed-folder tool got removed years ago, so you need a third-party app. Mac handles it from the Terminal with nothing to install.
Below are accurate, current steps for each platform, the real limits of ZIP passwords, and a better way to share confidential files when you need to know who opened them.
How to password protect a ZIP file on Windows (7-Zip)
7-Zip is free, open source, and supports strong AES-256 encryption. It is the most dependable option on Windows.
- Download and install 7-Zip from the official site.
- Select the files or folder you want to compress, then right-click them.
- Choose 7-Zip then Add to archive from the menu (on Windows 11 you may need Show more options first).
- In the dialog, set Archive format to zip.
- In the Encryption box on the right, type your password twice.
- Set Encryption method to AES-256.
- Click OK.
Your ZIP is now encrypted. Anyone who tries to open it gets a password prompt before they can see the contents.
One caveat. With the standard ZIP format, AES-256 encrypts the file contents but the file names inside the archive may still be visible. If even the file names are sensitive, use 7-Zip's own .7z format instead and tick Encrypt file names.
How to password protect a ZIP file on Mac (Terminal)
macOS has no checkbox for this in Finder, but the built-in zip command does it in one line. Nothing to install.
- Open Terminal (Applications then Utilities, or search with Spotlight).
- Move into the folder that contains your files: cd ~/Documents
- Run the encrypt command, naming your archive and the file or folder to add: zip -er secure.zip MyFolder
- Type the password when prompted, then type it again to confirm.
The -e flag turns on encryption and -r includes everything inside the folder. The result, secure.zip, will not open without the password on any computer.
If you prefer a graphical app, Keka is a well-regarded free Mac archiver: open it, choose ZIP, set a password, then drag your files in.
One thing to watch. The native macOS zip command uses the older ZipCrypto standard, which is weaker than AES-256. For genuinely sensitive files on Mac, use Keka or 7-Zip (via the command line) and choose AES-256.
Can you password protect a ZIP file online?
Yes. Browser-based tools like WinZip's web app, or various "encrypt ZIP online" sites, let you upload files, set a password, and download an encrypted archive without installing anything.
Use them only for low-stakes files. Uploading a contract, cap table, or customer list to an unknown third-party server hands your unencrypted data to that server before it ever gets encrypted. For anything confidential, encrypt locally with 7-Zip or Terminal instead.
How secure is a password-protected ZIP file?
That comes down to the encryption method and the password.
- AES-256 (7-Zip, Keka, WinZip) is strong. A long, random password is effectively uncrackable with current technology.
- ZipCrypto (the legacy ZIP standard, used by the default Mac zip and older tools) is weak and can be broken with freely available software, especially if an attacker has any unencrypted copy of one file in the archive.
- A weak password defeats even AES-256. "Project2026" falls to a dictionary attack in seconds. Use a long passphrase or a password manager.
So a ZIP can be plenty secure if you choose AES-256 and a strong password. The encryption is rarely the real weak point, though. The bigger problem is everything that happens after you hit send.
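To check which scheme an archive actually uses before you send it, the added example below (not code from the original article) reads the ZIP central directory, which stores each entry's name, an encryption flag, and for AES a 0x9901 extra field, all without the password. The function names and the constructed sample are illustrative assumptions, and Zip64 archives are not handled.

```python
import struct

EOCD_SIG, CDH_SIG = b"PK\x05\x06", b"PK\x01\x02"
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def scheme(flags, method, extra):
    """Classify one entry's protection from its central-directory fields."""
    if not flags & 0x01:                 # general-purpose bit 0: entry is encrypted
        return "none"
    if method != 99:                     # 99 is the WinZip AES marker method
        return "PKWARE strong encryption" if flags & 0x40 else "ZipCrypto"
    i = 0
    while i + 4 <= len(extra):           # walk extra fields: id, size, payload
        field_id, size = struct.unpack_from("<HH", extra, i)
        if field_id == 0x9901 and size >= 7:
            return AES_STRENGTH.get(extra[i + 8], "AES (unknown strength)")
        i += 4 + size
    return "AES (unknown strength)"

def audit_zip(data):
    """Return [(file name, scheme)] using only metadata; no password involved."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("end-of-central-directory record not found")
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    found = []
    for _ in range(count):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("corrupt central directory")
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        nlen, elen, clen = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + elen]
        found.append((name, scheme(flags, method, extra)))
        pos += 46 + nlen + elen + clen
    return found

def _entry(name, flags, method, extra=b""):
    # Constructed central-directory record (CRC, sizes, offsets zeroed).
    n = name.encode()
    return CDH_SIG + struct.pack("<HHHHHHIIIHHHHHII", 20, 20, flags, method, 0, 0,
                                 0, 0, 0, len(n), len(extra), 0, 0, 0, 0, 0) + n + extra

# Constructed sample: directory records plus EOCD only, no real file data.
AES_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)
_cd = (_entry("cap_table.xlsx", 0x01, 99, AES_EXTRA)
       + _entry("term_sheet.pdf", 0x01, 8) + _entry("readme.txt", 0x00, 8))
SAMPLE = _cd + EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 3, 3, len(_cd), 0, 0)
```

To audit a real archive, pass its bytes (for example open(path, "rb").read()) to audit_zip; any entry reported as ZipCrypto should be re-created with AES-256.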
The limits of password-protecting a ZIP
A password on a ZIP file protects the file at rest. It does nothing about how that file moves through the world, and that is where confidential documents actually leak.
- You still have to share the password. Email it next to the file and you have protected nothing. Send it over Slack or text and it lives in a chat history you do not control.
- No tracking. Once someone has the ZIP and the password, you have zero visibility. You cannot tell if they opened it, when, or whether they read past the first page.
- No revoke. A password cannot be un-shared. The moment it leaks to one extra person, every copy of that ZIP is exposed and there is nothing you can do.
- No expiry. The file works forever. A ZIP you sent during a deal that fell through two years ago still opens today with the same password.
- Easy to forward. The recipient can pass the file and password to anyone. There is no per-person control and no watermark tying a leaked copy back to whoever shared it.
- All or nothing. Whoever has the password sees every file inside. You cannot grant page-level or file-level access.
For sending photos to family or handing in a class assignment, a ZIP password is fine. For documents tied to a fundraise, an acquisition, or a customer contract, you need control that survives after the file leaves your machine.
A better way: share confidential files with a secure link
Skip the zip-encrypt-email dance with a static file you can never take back. Share the documents as a secure, trackable link instead. Plox is a secure document sharing and virtual data room platform for founders, investors and dealmakers, built for exactly this.
You upload the files once and share a link. The link never changes, so you can swap the file behind it anytime, and you keep full control of who can open it and what they can do.
- Passcode and email verification gate the link, so only the right people get in, with no separate password to leak alongside the file.
- Link expiry and one-click revoke mean access ends when you want it to. Kill a link the instant a deal dies or a person leaves.
- Per-viewer dynamic watermarking stamps every page with the viewer's email, so a leaked screenshot points straight back to the source.
- Page-by-page analytics show you who opened the document, how long they spent on each page, and whether they finished, with real-time notifications the moment someone views it.
- Allow or deny download lets people read in the browser without ever holding a copy they can forward.
You get the security a ZIP password is supposed to provide, plus the tracking, revoke, and expiry it never could. Plox has a genuine free plan: secure links, analytics, and real-time view notifications, no credit card and no time limit. Watermarking and data rooms are on the paid plans (see /pricing for current numbers).
For a deeper walkthrough of access controls, see how Plox document control handles passcodes, expiry, NDA, and download permissions in one place.
Frequently asked questions
Can I add a password to an existing ZIP file?
Not directly. The standard ZIP format does not let you bolt a password onto an already-created unencrypted archive. Recreate it with encryption: extract the files, then re-zip them with a password using 7-Zip (Windows) or zip -er (Mac). If you only have the ZIP, unzip it first, then make a new encrypted archive from the contents.
How do I password protect a ZIP without installing software?
On Mac you need nothing extra. The built-in Terminal command zip -er archive.zip folder works out of the box. Windows has no fully native option since File Explorer cannot set a ZIP password, so you either install a free tool like 7-Zip or use an online encryptor, which we only recommend for non-sensitive files.
Is AES-256 ZIP encryption safe enough for confidential documents?
The encryption itself is strong. AES-256 with a long, random password is not realistically crackable today. The weak point is everything around it: sharing the password safely, knowing who opened the file, and being able to revoke access. For confidential business documents, encryption alone falls short, which is why a trackable, revocable secure link is a better fit.
What is the difference between a ZIP password and ZipCrypto vs AES-256?
A "ZIP password" can use one of two encryption schemes. ZipCrypto is the old default: widely compatible but cryptographically weak and crackable. AES-256 is the modern standard, strong, and the one you should always select. The native macOS zip command uses ZipCrypto, while 7-Zip, Keka, and WinZip let you choose AES-256.
I forgot my ZIP password. Can I recover it?
There is no built-in recovery. If you chose AES-256 with a strong password, the file is effectively unrecoverable, which is the point. This is one more reason that, for documents you need ongoing access to and control over, a managed secure link beats a static encrypted file you can lock yourself out of permanently.
How can I track who opens a file after I send it?
A ZIP file cannot do this. Once it leaves your outbox you are blind. To see who opened a document, when, and how far they read, share it as a tracked link instead. Tools built for this, like Plox, give you page-by-page document control and analytics with real-time notifications, plus per-viewer watermarks so any leak is traceable.
Want control that does not end when the file leaves your machine? Share securely with Plox for free: secure links, analytics, and real-time notifications, no credit card required.
For related reading, see how to securely store documents and how to send a ZIP file via email, cloud and more.
Written by Aryan Pereira · Co-founder, Plox
Aryan co-founded Plox. He works on the product side, mostly on how viewers experience a shared link and what the sender gets to see back.