Zip files are a fast and easy option when you need to share large or multiple files all at once, usually via email. While the technology behind them is quite old, Zip file technology is still great for compressing and sharing large files or multiple files at once via easy-to-transport folders. Rather than share one large file or several files one-by-one, you can Zip the files to compress the size, and then share the single Zip file.
Unfortunately, this simple compression technology lacks basic security. As such, there is a risk of compromise or misuse even when sharing files between known parties. One way to strengthen security of Zip files is by password-protecting them, in the same way you can password-protect PDF files or other documents.
Password-Protect Zip Files: Windows
Windows 11, 10, and previous versions have a native utility for making Zip folders (i.e., “zipping” files) and then extracting the files from that Zip folder once received.
However, Microsoft still doesn’t offer an option for password protection. To set a password on your Zip files, you’ll need to get a third-party app or utility. Thankfully, there are plenty of free utilities available online that can password-protect Zip files.
Let’s look at a few of these apps.
WinZip is a very popular app for password-protecting Zip files. You can download and install WinZip for free for a few weeks before you’re asked to pay for it. Once you’ve installed the software, password-protecting your files is a three-step process:
- Open WinZip and click “Create/Share” in the Options menu to open the Actions menu.
- Click the “Encrypt” option and then drag a file into the NewZip.zip area of the window.
- Enter a password when prompted.
WinRAR is another popular utility that offers a free trial period. Setting a password is also very easy.
First, download and install WinRAR. When you open WinRAR, it displays a list of files and folders. Navigate to the ones you want to zip up and click the “Add” button for each one. Alternatively, you can right-click files on your computer and select “Add to Archive” to launch WinRAR.
Select the Zip format and click the “Set Password” option. When you click “OK,” the app will zip and password-protect the files you selected.
A third option is 7-Zip. It’s also very popular and is free during the trial period.
- Right-click the files or folders you want to Zip up and select “Add to Archive.”
- Enter a name for the new Zip file you want to create and select the Encryption and Password options.
- Enter your password when prompted and click “OK.”
Password-Protect Zip Files: Mac OS X
Mac computers have their own program for creating Zip files, but, unfortunately, there’s no option to add a password.
To create a Zip file on macOS:
- Navigate to a folder containing the files that you’d like to Zip.
- Click, Shift+Click, or Apple Key+Click the files that you’d like to Zip.
- Ctrl+Click, then select Compress.
- It will now be saved as Archive.zip. Feel free to change the name if you wish.
Alternatively, you can follow steps 1 and 2 above, then Ctrl+Click, then select New folder with Selection. Then select Compress.
However, this does not encrypt or password-protect your Zip files. To encrypt compressed files on macOS with a password, you can use a third-party program like WinZip for Mac or you can enter commands manually into your computer via Terminal.
Follow these instructions to use Terminal to password-protect compressed files on your Mac.
- Open Terminal. Navigate to Finder > Utilities and click on the Terminal app. You can also press Cmd + Space bar to activate Spotlight search and type ‘Terminal.’
- Set the directory. The next step is to set the destination of the files that you want to zip and password-protect. Type ‘cd’ and the location of the file or folder that you want to compress and encrypt. Type’ cd downloads’ if the file you’re looking to compress is saved in the Downloads folder.
- Compress and encrypt. Enter the command ‘zip -er FILENAME.zip’ without the quotes and replace FILENAME with what you want to name your encrypted zip file. Add a space and drag the file/folder to the Terminal window, and press Return.
- Enter password. At this point, you will be prompted to enter and verify the password. Type the password you want to use and hit Return twice. Keep in mind that you won’t see any characters on the command line when typing your password.
The Dangers of Relying on Zip Files
As cited earlier, the essential technology behind Zip files has been around for decades. You gather your files and folders together and with a few clicks, they’re placed in a single, compressed folder. When someone wants to access the contents inside, they simply have to double-click to unzip them. Zipping files and sharing them was helpful during a time when PCs had lower memory capacities, files were shared via floppy disks and thumb drives, and Internet speeds were much slower (and larger files would take seemingly forever to upload and download).
Unfortunately, security wasn’t an issue back then, and today, anyone can crack open a Zip file if they have the motivation to do so. They just have to download the right (free) software.
There are two levels of security on a password-protected Zip file: the encryption security and the password. There are currently two standard levels of encryption for Zip files, 128 and 256 bits, with 256-bit encryption far superior to the 128-bit version. Fortunately, the major zip utilities support this level of encryption.
Protecting Files with Locked Folders
As part of this discussion of password-protecting Zip files, it’s instructive to also have a look at how to password-protect folders, since Zipped files are placed in a Zip folder. However, it’s important to note that simply placing files or documents into a folder doesn’t Zip or compress their size.
Password Protect Folders: Windows 11
Windows 11 does not have a protect folder with a password feature because the account is already protected with your profile credentials. However, you can use the virtual drive and BitLocker features to create a drive you can secure with a password, which works similarly to a password-protected folder, notes Windows Central.
To create a virtual drive that will act as a password-protected folder, use these steps:
- Open Start.
- Search for “Disk Management” and click the top result to open the app.
- Click the Action menu, then “Create VHD” option, then the Browse button to select a location to store the virtual disk.
- Specify a name for the drive — for example, “vault,” then click Save.
- Under the “Virtual hard disk size” section, specify the space you want to reserve for storage, then OK. For example, 10GB, but any amount can be selected based on the content you want to protect.
- (Optional) Under the “Virtual hard disk format” section, select the VHDX option. Then choose “Dynamically Expanding” to allow the storage to grow as you save files.
- Right-click the newly created virtual disk and select the “Initialize Disk” option.
- Check the newly created disk.
- Select the GPT option, then “OK.”
- Right-click the “Unallocated space” and select the “New Simple Volume” option, then “Next.”
- Use the default volume size settings, then “Next.”
- Use the “Assign the following drive letter” drop-down menu to select a new one, then “Next.”
- Use the “File system” drop-down menu, and select the NTFS option.
- Use the “Allocation unit size” drop-down menu, and select the “Default” option.
- In the “Value label” field, type a descriptive name for the drive. For example, vault.
- Check the Perform a quick format option, then “Next,” then “Finish.”
After completing these steps, the virtual drive will be created and is now usable as a folder to securely store files by encrypting them using BitLocker.
To set up BitLocker to password protect the drive on Windows 11, follow these steps:
- Open Settings > System > Storage page on the right side.
- Under the “Storage management” section, click on Advanced storage settings.
- Click the “Disks & volumes” setting.
- Select the volume of the virtual drive and click the “Properties” button.
- Click “Turn on BitLocker” at the bottom of the page.
- Under the “Fixed data drives” section, select the vault drive.
- Click the “Turn on BitLocker” option.
- Check the “Use a password to unlock the drive” option.
- Create a password for your folders inside the drive.
- Click “Next”, then Select “Save to your Microsoft account”. (Quick note: Using the Microsoft account is the most convenient option. However, you can choose any of the other available options.)
- Click the Next button.
- Select “Encrypt used disk space only”, then “Next.”
- Select the Compatible mode option, then “Next.”
- Click the “Start encryption” button, then click the “Close” button.
After completing these steps the virtual drive will successfully be password protected.
To unlock a password-protected folder, follow these steps:
- Open File Explorer.
- Open the folder with the vault.vhdx file.
- Double-click the VHD (VHDX) file to mount it to File Explorer. (Quick note: It is normal to see an “is not accessible” and “Access is denied” message because you mounted the drive but haven’t unlocked it with the password yet.)
- Click on “This PC” from the left navigation pane.
- Under “Devices and drives”, double-click the drive to open the sign-in page.
- Enter your password to unlock the drive. (Quick tip: If you can’t remember the password, click “More options”, select “Enter recovery key,” and then type the 48-digit recovery key, which can be found on your Microsoft account.)
- Click the Unlock button.
After completing these steps, the drive will open, and you will be able to add, modify, and remove your documents and files.
To close and re-lock a folder with a password on Windows 11, use these steps:
- Open File Explorer.
- Click on This PC from the left navigation pane.
- Under the “Devices and drives” section, right-click the BitLocker drive, and select the Eject option.
After you complete the steps, the folder (drive) will lock, and the password will be required to unlock the contents again.
Password Protect Folders: MacOS
Unfortunately, you cannot simply navigate to a folder in Finder, Ctrl+Click, and choose a password. Creating a password-protected folder requires macOS’s built-in Disk Utility, similar to what is performed on Windows 11, where you will create a disk image .dmg archive file, which uses AES encryption and can only be opened with a password.
- Open Disk Utility from Applications > Utilities > Disk Utility.
- From the menu bar, select File > New Image > Image from Folder.
- Select the folder you want to password-protect, and click “Choose.”
- If you want, you can create a name or location for your protected folder. Open the Encryption, open the dropdown menu, choose your preferred option (128-bit AES encryption should be enough), and then click “Save.”
- Enter a password, then click “Choose” when you’re done.
- Alternatively, you can click the key icon, and allow macOS to create a strong password for you. Again, click “Choose” when you’re done.
- Expand Image Format and choose “read/write.” This will allow you to add and remove content from your protected folder later.
- Finally, click “Save.”
- Wait for Disk Utility to finish encrypting the folder.
- When it’s done, you’ll be left with a password-protected disk image and the original folder. You can delete the old folder if you no longer need it.
To open the locked folder on your Mac, double-click the .dmg file and then enter your password. Once you enter the password, the disk image will mount, allowing you to access the contents, including adding or removing files and folders.
Unfortunately, with the Disk Utility method anyone can find and even delete your password-protected folders. For more security, you may wish to consider third-party apps to get around these limitations.
The Limitations of Password-Protecting Zip Files and Folders
Encryption is just part of the equation. The other part is the strength of your password. Cracking the password on a Zip file or folder is a lot easier than cracking the password on a web server or an email server. Servers have safeguards in place so that if someone is trying to use a brute force attack to crack the password, the network admins can take corrective measures to stop the attack.
That’s a lot different from someone who has a Zip file or locked folder in their personal possession. They can put it on their own computer and then they have all the time in the world to work on it, without detection or interruption.
Just as importantly, there is no such thing as two-factor or multi-factor authentication for Zip files and locked folders. When someone does get the password, they have access to the file — and you will never know about it.
Securing Files With a Document Management System
To protect confidential information, organizations should consider a secure document management system rather than relying on Zip files or tediously locking folders, even if passwords are created.
In addition to the security limitations of password-protecting Zip files and folders, zipping individual files and setting passwords is inefficient because there is little control over the individuals or even groups who may be sharing those passwords to access the files and folder. Once a file is accessed, it can be downloaded to a local drive, printed, or even shared with others outside of the organization.
Instead, a secure document management system contains four important features:
- Uploading of files to a secure virtual data room.
- Inviting specific people to access the files they need, while limiting their permissions to copy, download or edit.
- Tracking downloads, uploads, views, and comments/annotations.
- Controlling files even after users have downloaded them using FileProtect DRM.
If you want to change permissions for a specific user or group of users, you can do so with just a few clicks. If someone doesn’t require access anymore, you can revoke their access immediately. The files are all stored securely using state-of-the-art encryption and, just as importantly, two-factor authentication.
Getting started with a Caplinked document management system is just as easy as downloading a zip utility, and it also comes with a free trial.
Jake Wengroff writes about technology and financial services. A former technology reporter for CBS Radio, Jake covers such topics as security, mobility, e-commerce, and IoT.