How to Password Protect a Folder on Windows, Mac, and Online

To password protect a folder, use BitLocker or 7-Zip on Windows, an encrypted disk image via Disk Utility on Mac, or a password-protected ZIP for online sharing. These methods encrypt the folder locally. If you want to share a protected folder with someone outside your company and keep tracking and revocable access, use a tool like Plox instead.

Built-in tools are fine for locking a folder on your own machine. They fall short the moment you need to send that folder to someone else. This guide covers every reliable method on Windows, Mac, and online, plus where each one breaks down and a better way to share a protected folder with people outside your company.

How do I password protect a folder on Windows?

Windows has no single "set a password on this folder" button. You get three real options, depending on your edition and what you need.

Option 1: BitLocker (Windows Pro, Enterprise, Education)

BitLocker encrypts an entire drive, not a single folder. The cleanest way to protect one folder is to put it inside a virtual encrypted drive (a VHD).

1. Open Disk Management, click Action, then Create VHD. Pick a size and location, and create the virtual disk.
2. Initialize the new disk, create a simple volume, and assign it a drive letter.
3. Open File Explorer, right-click the new drive, and select Turn on BitLocker.
4. Choose Use a password to unlock the drive, enter a strong password, and save the recovery key somewhere safe.
5. Move your folder onto this drive. Eject the VHD to lock it; mount and unlock it with your password to get back in.

BitLocker uses AES encryption and is the strongest native Windows option. Two catches: it is not on Windows Home, and a lost recovery key means lost data.

Option 2: 7-Zip or WinRAR encrypted archive (any Windows version)

This is the most accessible method and works on every edition, Home included.

1. Install 7-Zip (free) or WinRAR.
2. Right-click your folder, open the 7-Zip submenu, and choose Add to archive.
3. Set the Archive format to 7z (stronger) or zip.
4. In the Encryption box, enter a password and select AES-256.
5. Tick Encrypt file names so nobody can see what is inside without the password, then click OK.

The result is a single encrypted archive. Anyone with the password and 7-Zip can open it. See how to password protect a ZIP file for the full walkthrough and the format gotchas.

Option 3: Folder Lock or similar third-party apps

Dedicated apps like Folder Lock put a password prompt directly on a folder, plus extras like hidden lockers and shredding. They are convenient, but you are trusting a third-party vendor with your encryption, and the paid tiers add up. Treat them as a usability layer, not a stronger guarantee than BitLocker or AES-256 archives.

One note: the old "right-click, Properties, Advanced, Encrypt contents" trick (EFS) does not prompt for a password. It ties the folder to your Windows user account, so it only stops other users on the same PC, not anyone who has your login.

How do I password protect a folder on Mac?

macOS has a clean, built-in answer: an encrypted disk image. It bundles your folder into a single .dmg file that asks for a password before it opens.

1. Open Disk Utility (Applications, Utilities).
2. In the menu bar, click File, then New Image, then Image from Folder.
3. Select the folder you want to protect and click Choose.
4. Set Encryption to 256-bit AES (slower to create, strongest) or 128-bit AES.
5. Set Image Format to read/write if you want to add files later, or compressed to lock the contents.
6. Enter and confirm a strong password, then click Save.

You now have a .dmg file. Double-click it, enter the password, and it mounts like a drive. Eject it to lock it again. Uncheck "Remember password in my keychain" so the prompt actually appears each time.

For a quick one-off, Terminal also works: zip -er ProtectedFolder.zip FolderName creates a password-protected ZIP that opens on Mac, Windows, and Linux.

How do I password protect a folder online for sharing?

Two common approaches, both with real limits.

1. Zip and encrypt, then upload. Create an AES-256 archive (7-Zip on Windows, the Terminal zip -er command on Mac), then upload it to Google Drive, Dropbox, or WeTransfer and send the password separately.
2. Use cloud storage permissions. Drive and Dropbox let you restrict a folder to specific email addresses or generate a link. Dropbox paid plans and Drive let you add link passwords and expiry on some tiers.

Both work for casual sharing. Neither gives you control after the file lands in someone's inbox, which is the whole problem with sharing a folder of sensitive documents.

What are the limits of the manual way?

Encrypting a folder locally is solid. Sharing that folder is where every manual method breaks down.

• No control after sending. Once someone has the archive and password, they can copy it, forward it, or keep it forever. You cannot revoke access or expire it.
• No visibility. You have no idea if the recipient opened it, which files they read, or whether they forwarded it. For investor updates or due diligence, that blindness costs you.
• Password friction. You have to deliver the password over a second channel, and if it leaks once, the file is open forever.
• Clumsy updates. Update one document and you must re-zip, re-encrypt, and re-send the whole folder. The old version still lives in their inbox.
• No leak deterrent. A static archive can be screenshotted or re-shared with zero trace back to who did it.

For storing files on your own machine, fine. For sending a folder to investors, clients, or a counterparty, you need access control that survives after the file leaves your computer. See how to securely store documents for the storage side of this.

The better way: share a protected folder with Plox

Plox is a secure document sharing and virtual data room platform for founders, investors and dealmakers. Instead of zipping a folder and emailing it, you upload it once and share a trackable link, and control stays in your hands after you hit send.

This is what you get that a password-protected ZIP cannot do:

• Passcode-protected links and email verification, so only the right people open the folder. No archive password to leak.
• Page-by-page analytics: who opened it, time per page, completion percentage, and real-time notifications the moment someone views.
• Granular document control: allow or block downloads, set link expiry, require a one-click NDA, and revoke access instantly even after sharing.
• Dynamic per-viewer watermarking on every page, so a leaked screenshot points back to who leaked it.
• Virtual data rooms with real folders, so an entire deal folder lives behind one link you can update anytime without re-sending.
• The link never changes. Swap in a new version of any file and everyone sees the latest, no re-zip, no re-send.

Plox has a genuine free plan: secure links, analytics, and real-time notifications, no credit card and no time limit. Paid plans add watermarking, data rooms, and advanced security at a flat published price (Free $0 forever, Pro $24/mo, with higher tiers for teams and data rooms; see /pricing for current). For anything you would otherwise zip and email, a passcode link is faster and far more controlled.

Frequently asked questions

Can I password protect a folder on Windows 10 Home?

Not natively with a per-folder password. Windows Home leaves out BitLocker, and the built-in EFS encryption ties files to your account rather than prompting for a password. The reliable method is a 7-Zip or WinRAR archive with AES-256 encryption, which works on every Windows edition.

Is a password-protected ZIP actually secure?

Depends on the encryption. A ZIP using AES-256 (set it explicitly in 7-Zip or WinRAR) is strong. The older "ZipCrypto" standard is weak and crackable, so always choose AES-256, use a long random password, and enable "encrypt file names."

What happens if I forget the folder password?

For BitLocker, your recovery key is the only way back in, so store it separately. Encrypted disk images and archives have no backdoor by design. A forgotten password generally means the data is gone, which is exactly why you back up the password in a manager.

How do I share a password-protected folder safely?

Do not email the archive and password together. Deliver them over separate channels, or skip the archive entirely and use a secure sharing tool. With Plox you upload the folder once and share a passcode-protected link with expiry, revocation, and view tracking, so you keep control after sending.

Can someone tell if I opened a shared folder?

Not with a plain ZIP or a basic cloud link. To know who opened a folder, which files they read, and for how long, you need document tracking. Plox gives you page-by-page analytics and real-time view notifications on every shared link.

Does encrypting a folder protect it from malware?

No. Encryption controls who can read a folder. It does not stop malware or ransomware on an already-unlocked system. Keep your OS patched, run security software, and maintain offline backups alongside encryption.

Ready to stop zipping and emailing sensitive folders? Share a protected folder securely with Plox and keep control of every file after you send it.