How to Password Protect a File Before Sharing

Password protecting a file adds an encryption layer so only someone with the right password can open it. This guide covers the three fastest ways to do it—including a browser-based method that requires no software, no account, and no uploads to a readable server.

What “Password Protecting a File” Actually Means

The phrase covers two distinct things that people often confuse:

Password-gated access means a service checks your password before letting you download or view a file. The file itself may still be stored in plaintext on the server—the password only controls the door, not the contents.

Password-based encryption means your password is used as the seed to derive a cryptographic key, which then scrambles the file’s actual bytes. Even if someone intercepts the file or the server is compromised, they see only ciphertext. This is the stronger, correct interpretation.

FileShot uses the second approach. Your password is fed into PBKDF2 (a key-derivation function), which produces an AES-256-GCM encryption key. The encryption runs entirely in your browser. The server receives an encrypted blob it cannot decode.

Method 1: Using FileShot (Fastest—No Software Required)

FileShot encrypts your file in the browser before it leaves your device. No installation, no account required on the free tier.

Step-by-step

1. Go to fileshot.io.
2. Drag your file onto the upload area, or click to browse.
3. Your file is automatically protected with Zero-Knowledge Encryption — it is encrypted in your browser before upload.
4. Optionally, enter a strong password in the password field for an additional layer of protection. This password is used only inside your browser—it is never sent to FileShot.
5. Click Upload. Your file is encrypted on your device, then the encrypted bytes are uploaded.
6. Copy the generated share link.
7. Send the link and the password to your recipient through separate channels (for example: link via email, password via text message).

When the recipient opens the link, they are prompted for the password. Decryption happens in their browser. The decrypted file is never stored anywhere in readable form.

Method 2: Windows—Password Protected ZIP with 7-Zip

If you need to password-protect a file before uploading it anywhere (not just FileShot), 7-Zip is the most widely available free tool for Windows.

Using 7-Zip (free, open-source)

1. Download and install 7-Zip if you haven’t already.
2. Right-click the file or folder you want to protect.
3. Select 7-Zip → Add to archive…
4. Set Archive format to zip (for compatibility) or 7z (for stronger encryption).
5. Set Encryption method to AES-256.
6. Enter and confirm your password in the Enter password fields.
7. Check Encrypt file names to hide the filenames inside the archive.
8. Click OK. A password-encrypted archive is created.

Windows BitLocker (full drive encryption)

BitLocker encrypts entire drives or USB sticks, not individual files. It’s useful for protecting a large collection of files on a portable drive, but adds friction for the recipient (they need Windows Pro or Enterprise to open a BitLocker drive). For single-file sharing, 7-Zip is simpler.

Method 3: Mac—Encrypted Disk Image with Disk Utility

macOS ships with Disk Utility, which can create an AES-256 encrypted disk image (.dmg) that works like a self-contained encrypted folder.

1. Open Disk Utility (Applications → Utilities → Disk Utility).
2. From the menu bar, choose File → New Image → Image from Folder…
3. Select the folder containing the files you want to protect.
4. Set Encryption to 256-bit AES encryption.
5. Choose Image Format: read/write or compressed.
6. Enter and verify your password when prompted.
7. Click Save. A .dmg file is created.

The recipient double-clicks the .dmg and enters the password to mount it. This works natively on any Mac without extra software.

For cross-platform sharing from Mac: Use 7-Zip for Mac (available via Homebrew: brew install sevenzip) to create a password-protected ZIP that Windows and Linux recipients can open without friction.

How FileShot’s Password Encryption Works

Understanding the mechanism helps you trust the security claim—and explains why forgetting your password means losing access forever.

Best Practices for Secure Sharing

Send link and password through separate channels

If you send both in the same email and that email is compromised, encryption provides no protection. Send the download link via email and the password via a text message, Signal, or any other channel. Two-channel delivery turns one point of failure into two.

Use a unique password per share

Reusing passwords means a single leak exposes multiple files. Generate a new password for each share using a password manager like Bitwarden (free, open-source) or 1Password.

Aim for 16+ characters

A 16-character random password has approximately 89 bits of entropy—far beyond practical brute-force reach even against offline attacks. Your password manager can generate this for you in one click.

Set an expiry date

On FileShot, you can set custom link expiry. Once a link expires, the encrypted file is deleted. This limits the window during which an attacker could attempt to brute-force a weak password offline.

Limit download count when sharing sensitive documents

FileShot lets you restrict how many times a file can be downloaded. For a document sent to a single person, setting a limit of 1 or 2 downloads means the link becomes useless the moment the intended recipient has the file.

Frequently Asked Questions

Does FileShot store my file password?

No. Your password is used inside your browser to derive the AES-256-GCM encryption key via PBKDF2. Only the encrypted bytes are uploaded. FileShot’s servers never receive your password or the decryption key derived from it.

Can I password protect any file type?

Yes. FileShot encrypts any file type—PDFs, ZIP archives, images, videos, executables, and more. The encryption is applied to the raw bytes of the file before upload, regardless of format.

What happens if I forget the password?

If you forget the password, the file cannot be decrypted. FileShot uses zero-knowledge encryption—nobody, including FileShot’s staff and servers—has a copy of your key. There is no recovery mechanism by design. Store your password in a password manager before sharing.

Is password-protecting a file free on FileShot?

Yes. Password protection and zero-knowledge encryption are included on the free tier. You can upload any file, add a password, and share the link at no cost. No account is required.

Is a password-protected ZIP as secure as FileShot’s encryption?

A properly configured 7-Zip AES-256 archive is cryptographically strong. The key difference is the trust model: with a local 7-Zip file, you control the encrypted file and can share it through any channel. With FileShot, the encrypted file is hosted for you with a shareable link, custom expiry, and download limits—adding operational security on top of cryptographic security.

What is the difference between password protection and encryption?

Password protection used to refer to access-control gates that check a password but store the file in plaintext behind it. True encryption scrambles the file’s contents using the password as a key ingredient. Today, good implementations—including FileShot—combine both: the password controls access and is used to derive the encryption key, so the file is unreadable without it at both the transport and storage level.

Related Guides

• How to Encrypt Files Before Sharing: Step-by-Step Guide
• Password-Protected File Sharing with FileShot
• What is Zero-Knowledge File Sharing?
• All FileShot Guides