How to Create a Password-Protected ZIP File

By FileConvertLab

ZIP files support AES-256 encryption — strong enough to protect sensitive documents.

Windows and Mac don't make it obvious how to enable it, but the process takes about a minute once you know where to look. There's also one important limitation to understand before you use it.

The key limitation: ZIP encryption protects file contents but leaves filenames visible. Anyone can open your ZIP and see "contract_signed.pdf" without the password — they just can't read its contents. If hiding the filenames matters, use 7Z with header encryption instead.

Create a Password-Protected ZIP on Windows (7-Zip)

Windows's built-in ZIP tool does not support encryption. You need 7-Zip, which is free and open-source.

Step 1: Install 7-Zip

Download 7-Zip from 7-zip.org and run the installer. It takes about 30 seconds. See our guide on opening 7Z files on Windows for detailed installation steps.

Step 2: Create the encrypted archive

  1. In File Explorer, select the files or folder you want to protect. Right-click → 7-Zip → Add to archive.
  2. In the dialog, set Archive format to zip.
  3. In the Encryption section at the bottom, enter your password in the Enter password field.
  4. Re-enter it in Reenter password.
  5. Set Encryption method to AES-256. Do not use ZipCrypto — it's a legacy method with known weaknesses.
  6. Click OK. The encrypted ZIP is created in the same folder.

Important: AES-256, not ZipCrypto. 7-Zip defaults to ZipCrypto for ZIP format — an old encryption method that can be cracked. Always switch to AES-256 before clicking OK. If you use ZipCrypto, an attacker with a known file in your archive can potentially recover your password.
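To confirm which method an archive actually ended up with, and to see what stays readable without the password, you can inspect the ZIP's central directory. The script below is an added example, not part of the original guide: it assumes the WinZip AES layout (compression method 99 plus a 0x9901 extra field, which is what 7-Zip writes for AES ZIPs), and the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901                 # WinZip AES extra-field header ID
AES_BITS = {1: 128, 2: 192, 3: 256}   # strength byte -> key size in bits

def encryption_of(info):
    """Classify one entry using only unencrypted central-directory metadata."""
    if not info.flag_bits & 0x1:      # general-purpose flag bit 0 = encrypted
        return "none"
    if info.compress_type != 99:      # method 99 marks a WinZip AES entry
        return "ZipCrypto"
    extra = info.extra
    while len(extra) >= 4:            # walk the (id, size, data) records
        field_id, size = struct.unpack("<HH", extra[:4])
        if field_id == AES_EXTRA_ID and size >= 7:
            return f"AES-{AES_BITS.get(extra[8], '?')}"  # byte 8 = strength
        extra = extra[4 + size:]
    return "AES-?"

def audit_zip(source):
    """Return [(filename, method)] without ever supplying a password."""
    with zipfile.ZipFile(source) as zf:
        return [(i.filename, encryption_of(i)) for i in zf.infolist()]

def sample_archive():
    """Constructed input: central directory and end record only, no file data."""
    aes = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    entries = [(b"contract_signed.pdf", 0x1, 99, aes),
               (b"old_export.csv", 0x1, 8, b""),
               (b"readme.txt", 0x0, 8, b"")]
    cd = b""
    for name, flags, method, extra in entries:
        cd += struct.pack("<4s6H3L5H2L", b"PK\x01\x02", 20, 20, flags, method,
                          0, 33, 0, 0, 0, len(name), len(extra), 0, 0, 0, 0, 0)
        cd += name + extra
    eocd = struct.pack("<4s4H2LH", b"PK\x05\x06", 0, 0,
                       len(entries), len(entries), len(cd), 0, 0)
    return io.BytesIO(cd + eocd)

if __name__ == "__main__":
    for name, method in audit_zip(sample_archive()):
        print(f"{method:10} {name}")
```

Call audit_zip("secure.zip") with the path of a real archive before sending it; any entry reported as ZipCrypto should be recreated with AES-256, and every filename it lists is visible to anyone who obtains the file.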

Create a Password-Protected ZIP on Mac

macOS's built-in Compress feature does not support encryption. You have two options: the Terminal (no install needed) or Keka (GUI app).

Option A: Terminal (built-in, no install)

  1. Open Terminal (Applications → Utilities → Terminal).
  2. Navigate to the folder containing your files.
  3. Run the zip command with the --encrypt flag:

    # Compress a single file with password
    zip --encrypt secure.zip document.pdf

    # Compress a folder with password
    zip -r --encrypt secure.zip my-folder/

    # Compress multiple files
    zip --encrypt secure.zip file1.pdf file2.docx

Terminal will prompt you to enter and confirm the password. The ZIP uses legacy encryption (not AES-256) by default on macOS — see the caveat below.

macOS ZIP encryption caveat: The built-in zip command on macOS uses a legacy encryption algorithm, not AES-256. For stronger encryption on Mac, use Keka or install p7zip via Homebrew and use 7Z format with AES-256.

Option B: Keka (GUI app, AES-256)

  1. Download Keka from keka.io (free) or the Mac App Store ($2.99).
  2. Open Keka. In the sidebar, set the format to ZIP.
  3. Enable the Password field and enter your password.
  4. Drag your files onto the Keka window to create the encrypted archive.

Keka uses AES-256 encryption for ZIP format, making it the better option compared to Terminal's built-in zip command.

ZIP Encryption vs 7Z Encryption: When to Use Each

| Feature | ZIP (AES-256) | 7Z (AES-256) |
|---|---|---|
| Encryption strength | AES-256 (strong) | AES-256 (strong) |
| Filenames hidden | No — visible to anyone | Yes (with header encryption) |
| Recipient needs software | No — built-in on Win/Mac/iOS | Yes — 7-Zip or similar |
| Compression ratio | Standard | Better |
| Best for | Sharing with anyone | Maximum privacy, technical recipients |

Use ZIP when you don't know what software the recipient has. Use 7Z when you need filenames hidden and you know the recipient can open 7Z files. For a full comparison of these formats, see ZIP vs 7Z vs RAR.

Password Best Practices

AES-256 encryption is effectively unbreakable — but only if the password is strong.

The password is the only weak point. A short or common password can be guessed or brute-forced regardless of how strong the encryption algorithm is.

  • Use at least 12 characters. A 12-character random password takes billions of years to brute-force. An 8-character common word can be cracked in minutes.
  • Mix characters. Combine uppercase, lowercase, numbers, and symbols. Avoid dictionary words, even with substitutions like "p4ssw0rd".
  • Send the password through a different channel. If you email the encrypted ZIP and also email the password, an attacker who intercepts the email has both. Send the password by SMS, phone call, or WhatsApp instead.
  • Never send the password in the same email as the archive. This is the most common mistake. It completely defeats the purpose of encryption.

Opening a Password-Protected ZIP

Recipients on Windows or macOS can open password-protected ZIPs without any extra software. When they double-click or try to extract, the operating system asks for the password.

On mobile, most file manager apps (Files on iOS, Files by Google on Android) support opening password-protected ZIPs. If the built-in app doesn't, a third-party app like iZip (iOS) or ZArchiver (Android) will.

If your recipient can't open the 7Z you sent them, guide them to our how to open 7Z on Mac or how to open 7Z on Windows guides.

Frequently Asked Questions

Can someone see the filenames inside my password-protected ZIP?

Yes — with standard ZIP encryption. ZIP encrypts the file contents but leaves the file list (names, sizes, dates) visible without a password. Anyone can open the archive and read the filenames. If you need to hide filenames too, use 7Z with header encryption enabled: 7-Zip → Add to archive → 7z format → check 'Encrypt file names'. This hides the entire file list from anyone without the password.

Is ZIP encryption strong enough for sensitive documents?

It depends on which encryption method is used. AES-256 (available in 7-Zip and most modern tools) is strong — the encryption itself is unbreakable with current technology. The weakness is the password: a short or common password can be brute-forced. ZipCrypto (the older ZIP encryption method) is weak and should not be used — it can be cracked with known-plaintext attacks. Always choose AES-256 when the option is available.

Can Windows open a password-protected ZIP without extra software?

Yes, Windows can open password-protected ZIP files natively. When you double-click or try to extract, Windows asks for the password. However, Windows only supports creating encrypted ZIPs through third-party tools — the built-in 'Compress to ZIP file' does not support encryption. Use 7-Zip (free) or WinRAR to create password-protected ZIPs on Windows.

What's the best way to send the password to the recipient?

Never send the password in the same email as the encrypted archive. If someone intercepts the email, they have both. Send the password through a different channel: SMS/text message, phone call, WhatsApp, or a separate email sent to a different email address. For very sensitive files, consider using a secure messaging app with end-to-end encryption.

What's the difference between ZIP encryption and 7Z encryption?

Both can use AES-256 encryption for file contents — equally strong. The key difference is filename encryption: 7Z can hide filenames (with header encryption), ZIP cannot. 7Z also tends to produce smaller files. For maximum privacy, use 7Z with header encryption. For compatibility (the recipient might not have 7-Zip), use ZIP with AES-256.

Can I add a password to a ZIP file that already exists?

No — you cannot add encryption to an existing archive after the fact. You need to create a new archive with encryption enabled from the start. Open 7-Zip, right-click the files you want to protect, choose Add to archive, enter a password, and create a new ZIP. Delete the original unencrypted ZIP if needed.

What happens if I forget the password to a ZIP file?

If you used AES-256 encryption with a strong password, the file cannot be recovered. AES-256 is designed to be computationally infeasible to brute-force. If you used a short or simple password, password recovery tools might be able to crack it — but this is not reliable for passwords over 8 characters. There is no backdoor or master password. Keep your passwords stored somewhere secure.

Do email servers block password-protected ZIP files?

Some corporate email servers block encrypted archives because antivirus scanners can't scan the contents. If you know the recipient is on a corporate system, ask their IT team if encrypted attachments are allowed. Alternatively, use a secure file-sharing service (Google Drive with limited sharing, SharePoint, or a dedicated file transfer tool) instead of email for sensitive encrypted files.
