Zip files are a fast and easy option when you want to protect files from being accessed by casual users. While the technology behind them is quite old, and they don’t have the security required to protect extremely sensitive information, they’re great for compressing and sharing large amounts of data in easy-to-transport folders.
The Dangers on Relying on Zip Files
The essential technology behind zip files has been around for decades. You gather your files and folders together, select a password, encrypt them, and they’re put in a single, compressed folder. When someone wants to access the contents inside, they just have to enter the password. Before using zip files, however, there is one thing you need to keep in mind: anyone can crack open a zip file if they have the motivation to do so. They just have to download the right (free) software.
There are two levels of security on a password-protected zip file: the encryption security and the password. There are currently two standard levels of encryption for zip files, 128 and 256 bits, with 256-bit encryption far superior to the 128-bit version. Fortunately, the major zip utilities support this level of encryption.
Encryption is just part of the equation. The other part is the strength of your password. Cracking the password on a zip file is a lot easier than cracking the password on a web server or an email server. Servers have safeguards in place so that if someone is trying to use a brute force attack to crack the password, the network admins can take corrective measures to stop the attack.
That’s a lot different from someone who has a zip file in their personal possession. They can put it on their own computer and then they have all the time in the world to work on it, without detection or interruption.
Just as importantly, there is no such thing as two-factor authentication for zip files. When someone does get the password, they have access to the file — and you will never know about it.
Password-Protect Zip Files: Windows 10
Windows 10 has a native utility for making Zip folders, but it doesn’t have an option for password protection. To set a password on your zip files, you’ll need to get a third-party app.
There is a way to encrypt folders on Windows 10 (except the Home edition) using EFS (Encrypted File System), but these aren’t zip files, and there are three big problems with this method:
- EFS doesn’t create zip folders. They are password protected, but this is based on your Windows password, which you likely don’t want to share.
- If you encrypt a folder using EFS and then put it in a zip folder, it automatically loses its encryption and password protection.
- The encryption in EFS isn’t the best, according to experts at Infosec Resources.
WinZip is a very popular app for password-protecting zip files. You can download and install WinZip for free for a few weeks before you’re asked to pay for it. Once you’ve installed the software, password-protecting your files is a three-step process:
- Open WinZip and click “Create/Share” in the Options menu to open the Actions menu.
- Click the “Encrypt” option and then drag a file into NewZip.zip area of the window.
- Enter a password when prompted.
WinRAR is another popular utility that offers a free trial period. Setting a password is also very easy.
First, download and install WinRAR. When you open WinRAR, it displays a list of files and folders. Navigate to the ones you want to zip up and click the “Add” button for each one. Alternately, you can right-click files on your computer and select “Add to Archive” to launch WinRAR.
Select the Zip format and click the “Set Password” option. When you click “OK,” the app will zip and password-protect the files you selected.
A third option is 7-Zip. It’s also very popular and is free during the trial period.
- Right-click the files or folders you want to zip up and select “Add to Archive.”
- Enter a name for the new zip file you want to create and select the Encryption and Password options.
- Enter your password when prompted and click “OK.”
Password-Protect Zip Files: Mac OS X
Mac computers have their own program for creating zip files, but there’s no option to add a password. To create unprotected zip files, open Archive Utility, then go to Preferences and change the archive format to zip.
On a Mac computer running MacOS Big Sur or later, you can use Terminal to quickly create a password-protected zip file. To make navigating around Terminal easier, find the folder containing the documents you want to compress and drag them onto your desktop.
Terminal is located in the Utilities folder in Finder. To open it quickly, launch Spotlight by pressing Cmd-Space, type “terminal” in the search field that opens and press Return.
Once Terminal is open, type “cd Desktop/” and press Enter. This changes the command-prompt location to your desktop.
There are four components to the command you will use in Terminal:
- The zip command: zip
- The command attributes to password-protect the new zip file: -er
- The name you want for the zip file, including its extension: confidential.zip, info.zip, even zippy.zip
- The files or folders you want zipped.
For example, if you’re creating a zip file called info.zip from two files called info1.docx and info2.docx, the command you would type is: zip -er info.zip info1.docx info2.docx
There are no extensions on folders, so if you’re zipping folders, just use their names. For example, if the folder’s name is Folder1, then you would use: zip -er info.zip Folder1
Zipping Files With Less Typing
Here’s a tip a lot of Mac users don’t seem to know: Terminal supports dragging and dropping. While it’s important to understand the mechanics behind the zip command in Terminal, you don’t actually need to use it. Just type the beginning of the zip command, including the file you want to create, then add one space. Then drag your files and folders from the desktop into the Terminal window and press the Return key.
Make sure the files you are zipping are all in the same folder on your desktop; otherwise the contents in the zip file will be put in a series of nested folders mirroring the architecture of your Mac’s storage.
After you enter your password, the zip file will appear on your desktop, regardless of where your source files came from. So your commands will be:
- cd Desktop/
- zip -er info.zip
Now enter one space, then drag your files into Terminal and press Enter. After you type your password and confirm it, the new zip file will appear on your desktop.
Securing Files With a Document Management System
There are a few good reasons why companies that need to protect confidential information use a secure document management system rather than relying on zip files. One is that it’s easier to use. Instead of zipping up individual files and setting passwords for each one, using a secure document management system takes just four steps:
- Upload your files to the secure virtual data room.
- Invite people to access the files they need, while limiting their permissions to copy, download or edit.
- Track downloads, uploads and views.
- Control files even after users have downloaded them using FileProtect DRM.
If you want to change permissions for a specific user or group of users, you can do so with just a few clicks. If someone doesn’t require access anymore, you can revoke their access immediately. The files are all stored securely using state-of-the-art encryption and, just as importantly, two-factor authentication. Getting started with a Caplinked document management system is just as easy as downloading a zip utility, and it also comes with a free trial.