How do I password protect a ZIP file on Windows for free?

The best free method on Windows is 7-Zip (7-zip.org, free download). Right-click your files or folder, choose 7-Zip > Add to archive. Set archive format to ZIP, enter an encryption password, and select AES-256 encryption. Important: Windows File Explorer's built-in 'Send to > Compressed folder' does NOT support strong password protection — use 7-Zip instead.

Is Windows built-in ZIP encryption secure?

No. Windows Explorer's native ZIP creation does not offer password protection or encryption. The Send to Compressed Folder feature creates a plain ZIP with no password support. Even older versions of Windows that offered ZipCrypto (legacy password protection) used a weak algorithm that can be cracked in seconds. Always use 7-Zip with AES-256 for secure ZIP encryption.

How do I password protect a ZIP on Mac without extra software?

Mac's Archive Utility (used by double-clicking a ZIP or right-clicking to Compress) does NOT add password protection. For password-protected ZIPs on Mac, use Terminal with the command: zip -er protected.zip /path/to/folder — the -e flag enables encryption and prompts you for a password. Alternatively, install 7-Zip via Homebrew (brew install p7zip) and use 7-Zip's AES-256 encryption.

What is the difference between a password-protected ZIP and encryption?

A password-protected ZIP with ZipCrypto (legacy) is NOT truly encrypted — the algorithm is trivially crackable. AES-256 ZIP encryption (the modern standard, supported by 7-Zip and WinRAR) is genuinely secure if the password is strong. True zero-knowledge file encryption — as used by FileShot — encrypts the file before it reaches any system that needs to handle the password at all.

What's a stronger alternative to a password-protected ZIP?

For stronger protection than a password-protected ZIP: (1) Use FileShot's File Encrypt tool (fileshot.io/tools/encrypt) — encrypts with AES-256-GCM in the browser before upload, decryption key in the URL fragment. (2) Use 7-Zip to create an AES-256 encrypted 7z archive (stronger than ZIP encryption). (3) Use VeraCrypt for large volumes of files. For sharing across the internet, FileShot's zero-knowledge model means the server never holds the key.

How to Password Protect a ZIP File — Windows, Mac, 7-Zip, Online

March 7, 2026 — Brendan Gray, Founder & Developer

Windows can create ZIP files natively, but it cannot add meaningful password protection to them. This is one of the most misunderstood facts in everyday file security. This guide covers what actually works, on which platforms, and how to do it correctly — plus a stronger alternative that doesn't require the recipient to have 7-Zip installed.

Critical Warning

Windows File Explorer's "Send to Compressed folder" creates a ZIP with no password protection and no encryption. If you've been creating password-protected ZIPs through Windows without a third-party tool, those ZIPs are not protected. Use 7-Zip (method 2 below) for actual encryption.

Method 1 — FileShot File Encrypt (Browser-Based, No Install)

If your goal is sending files securely, you don't need a password-protected ZIP at all — FileShot's encryption is stronger, simpler, and doesn't require the recipient to enter a password (the key is in the link):

Go to fileshot.io/tools/encrypt
Upload your file or ZIP archive
A unique AES-256-GCM encrypted version is created in your browser
Share the encrypted download link — the decryption key is embedded in the URL fragment
The recipient opens the link and the file is decrypted in their browser

No password to communicate separately. No worry about weak passwords. No 7-Zip required by the recipient.

Encrypt any file — AES-256-GCM, browser-based, no account needed

Open File Encrypt →

Method 2 — 7-Zip on Windows (Free, Strong Encryption)

7-Zip is the industry standard for free ZIP encryption on Windows. It creates ZIP archives with AES-256 encryption — the same algorithm used by banks and governments.

Step 1: Install 7-Zip

Download the installer from 7-zip.org (it's free and open source). Run the installer — default settings are fine.

Step 2: Create an encrypted archive

Select the files or folders you want to archive
Right-click and choose 7-Zip > Add to archive
In the Archive format dropdown, select zip
In the Encryption section, click in the Enter Password field and type your password
In the Encryption method dropdown, select AES-256 (not ZipCrypto)
Check Encrypt file names to hide the filenames inside the archive (recommended)
Click OK

Avoid ZipCrypto

If you see "ZipCrypto" as an encryption option, do not use it. ZipCrypto is a 1990s algorithm with known plaintext attacks. Archives encrypted with ZipCrypto can be cracked in seconds with freely available tools. Always select AES-256.

Method 3 — Mac Terminal (Built-In, No Install)

macOS doesn't offer GUI-based ZIP password protection, but it's built into the Terminal:

Open Terminal (Applications > Utilities > Terminal)
Run the following command:

zip -er protected.zip /path/to/your/folder

-e enables encryption
-r recurses subdirectories (include all files in the folder)
You'll be prompted to enter and verify a password

For a single file instead of a folder:

zip -e protected.zip /path/to/file.pdf

Note: macOS's built-in zip command uses AES-256 encryption. The archive is compatible with 7-Zip on Windows for decryption.

Method 4 — 7-Zip on Mac (via Homebrew)

If you prefer a consistent tool across platforms:

brew install p7zip
7z a -tzip -p -mhe protected.zip /path/to/folder

Flags: -tzip sets format to ZIP, -p prompts for password, -mhe encrypts headers (filenames).

Sharing a Password-Protected ZIP Securely

Password-protected ZIPs are only as secure as how you communicate the password. Common mistakes:

Do not send the password in the same email as the ZIP — if someone intercepts the email, they have both
Do not use weak passwords — ZIP encryption is offline-crackable, so a password like "abc123" or "Summer2024" is breakable in seconds with a dictionary attack
Do send the ZIP via email and the password via a separate channel (text message, Signal, phone call)
Password requirements for offline-cracking resistance: minimum 20 characters, random, or use a passphrase of 5+ random words

Alternative: 7z Format (Stronger Than ZIP)

If the recipient has 7-Zip installed, use the 7z format instead of ZIP — it offers better compression and stronger AES-256 encryption with PBKDF2 key derivation, which is significantly more resistant to brute-force attacks than ZIP's simpler key derivation:

7z a -t7z -p -mhe protected.7z /path/to/folder

Or in the 7-Zip GUI: change Archive format to 7z instead of zip.

Which Method Should You Use?

Sharing over the internet, recipient uses any device: FileShot encrypted link — no app, no password to communicate separately
Recipient has 7-Zip and you want offline archive: 7-Zip with AES-256 and a strong random password
Mac user, no extra software: Terminal zip -er command
Both parties on same platform, need large archive: 7z format with 7-Zip
Never use: Windows File Explorer "Send to Compressed folder" for anything that needs a password

Encrypt Files Without a ZIP — AES-256-GCM, Browser-Based

No password to communicate. Decryption key in the link. Share securely.

Open File Encrypt →

← Back to Blog