How to Password Protect a ZIP File (Windows, Mac, Linux) — 2026 Guide | Uploadex Blog

TL;DR: To password protect a ZIP file with strong AES-256 encryption: on Windows, use 7-Zip (free) — right-click → 7-Zip → Add to archive → set password + select "AES-256" under encryption method. On macOS, use Terminal: zip -er archive.zip ./folder/. On Linux, same zip -er command. Do not use Windows 11's built-in "compress to ZIP" — it cannot password protect. And avoid "ZipCrypto" — it's been broken since 2003. AES-256 only.

I get this question every few weeks: "I need to email a sensitive file, how do I put a password on a ZIP?" Usually it's a lawyer, an accountant, or someone in HR — people who deal with regulated documents and want a second layer of protection beyond their email provider's transport encryption.

The bad news: Windows itself still can't do this in 2026. Microsoft added native ZIP creation to File Explorer (and even other formats like 7z and tar in Windows 11), but the password-protection feature has never shipped. You have to install something.

The good news: the right tool is free, takes 30 seconds to set up, and uses AES-256 — the same encryption standard the NSA approved for classified data. (NIST FIPS 197)

Below is the full how-to for every platform, plus the single mistake almost everyone makes (using ZipCrypto, the legacy format that's been broken for over twenty years), and a quick note on when a password-protected ZIP is — and isn't — the right answer.

Quick Answer: How to Password Protect a ZIP File

If you just want the fastest path, here's the one-line answer per platform:

Windows 10/11: Install 7-Zip (free). Right-click the file/folder → 7-Zip → Add to archive → check AES-256 → enter a password → OK.
macOS: Open Terminal → cd to the parent folder → run zip -er archive.zip ./folder/ → enter password twice.
Linux: Same as macOS — zip -er archive.zip ./folder/ in the terminal.
No-install browser option: drag the file onto a no-account online tool, but skip these for anything actually sensitive (you're trusting their server with the unencrypted file during compression).

If you want the full walkthrough with screenshots and the why-this-way explanation, read on.

Why Windows 11 Still Can't Password Protect a ZIP File

This one trips up everyone. In Windows 11, right-click → Compress to → ZIP looks like it should have a password option. It doesn't.

The native "Compressed (zipped) folder" feature in Windows has supported password protection in old versions (pre-XP, briefly) and even today the underlying ZIP spec supports it. But Microsoft removed the UI for it years ago and never brought it back, citing the weakness of the legacy ZIP password scheme (which is fair — see the ZipCrypto warning below).

So in 2026, if you're on Windows, you need a third-party tool. The three real options are:

7-Zip — free, open source, AES-256 — what I use and what I recommend

WinRAR — commercial (nag-ware, but functional past trial), supports AES-256

WinZip — paid, the original ZIP brand, supports AES-256

For 95% of users, the answer is 7-Zip. The rest of this guide focuses there.

Method 1: Password Protect a ZIP on Windows Using 7-Zip (Recommended)

7-Zip has been the gold standard for Windows compression since 1999. It's free, open source, ad-free, and the AES-256 implementation is well-audited.

Step 1: Install 7-Zip

Download from 7-zip.org and run the installer. Choose the 64-bit version unless you have a specific reason not to. The installer is under 2 MB and takes about ten seconds.

Caption: Always download 7-Zip from 7-zip.org directly — captured May 2026 showing version 26.01. There are dozens of look-alike download sites that bundle adware; the only legitimate source is the official site, hosted on GitHub releases.

Step 2: Right-Click the File or Folder

Navigate to the file or folder you want to compress and encrypt. Right-click it. In Windows 11, you'll need to click "Show more options" (or hit Shift+F10) to see the 7-Zip context menu — Microsoft tucked the classic context menu behind one extra click.

Choose 7-Zip → Add to archive…

Step 3: Configure the Archive

The 7-Zip "Add to Archive" dialog opens. Five settings matter:

Archive format: select zip (it's the default; you could also pick 7z for better compression, but .zip is more universally compatible)

Compression level: Normal is fine. "Ultra" takes longer for marginal gains.

Encryption — Enter password: type your password

Encryption — Reenter password: type it again

Encryption method: change this from ZipCrypto to AES-256 — this is the single most important setting on the page

Caption: This is the exact dialog state you want before clicking OK. If "Encryption method" still says ZipCrypto, the password is essentially decorative — change it to AES-256.

Click OK. The encrypted ZIP file lands in the same folder. Done.

Step 4: Verify the Password Works

This is the step almost everyone skips and regrets. Before you send the file, double-click your new .zip and try to extract it. You should be prompted for the password. Enter it; confirm the contents extract correctly.

Then — and this is critical — try extracting with a wrong password. You should get an error, not silently corrupted output. If wrong passwords let any data out, you didn't use AES-256.

Method 2: Password Protect a ZIP on Mac (Terminal, Built-In)

macOS has had ZIP password protection built into its command line for years. No install needed. The zip command lives at /usr/bin/zip on every Mac.

Open Terminal (Spotlight → "Terminal") and run:

cd ~/Documents          # or wherever your folder lives
zip -er archive.zip ./my-folder/

-e = encrypt
-r = recursive (include subfolders)

The terminal will prompt:

Enter password:
Verify password:

Type the password twice (it won't show characters — that's normal). Then archive.zip appears in the current folder.

Caption: The Mac built-in zip defaults to ZipCrypto — fine for a quick "don't show this to the kids" lock, but not strong enough for anything actually sensitive. See the next section for the AES-256 method on Mac.

Mac with AES-256: use 7-Zip or Keka

Here's the catch: the macOS built-in zip command uses the legacy ZipCrypto algorithm, not AES-256. For real security on a Mac, install 7-Zip (via Homebrew) or the free Keka app from the Mac App Store.

With 7-Zip on Mac:

brew install sevenzip
7zz a -tzip -p -mem=AES256 secure-archive.zip ./my-folder/
# you'll be prompted for the password

With Keka: drag the folder onto the Keka icon, set Format to ZIP, tick "Use AES-256", enter a password, hit Compress. Same result, friendlier UI.

Method 3: Password Protect a ZIP on Linux

If you're on Linux, you almost certainly already have zip installed. If not:

sudo apt install zip           # Debian / Ubuntu
sudo dnf install zip           # Fedora
sudo pacman -S zip             # Arch

Then it's the same syntax as Mac:

zip -er archive.zip ./folder/

But like the Mac built-in, the default Linux zip uses ZipCrypto. For AES-256 on Linux, use the 7-Zip CLI:

sudo apt install p7zip-full
7z a -tzip -p -mem=AES256 secure.zip ./folder/

The -p flag prompts for the password without echoing it to your terminal history. The -mem=AES256 flag is what actually upgrades the encryption.

Method 4: Online Tools (Use With Caution)

There are dozens of "password protect ZIP online" sites. They work — usually — but think about what you're actually doing: you're uploading your sensitive file, in plaintext, to a server you don't control, asking them to encrypt it for you.

If the file isn't sensitive enough to justify installing 7-Zip, it's not sensitive enough to need a password.

If the file is sensitive, the last thing you want is for the unencrypted version to pass through someone else's servers.

So I don't recommend online tools for this. The one exception: if you're on a locked-down work laptop where you genuinely can't install software, and the alternative is sending the file unencrypted — then yes, an online tool is the lesser evil. Pick one with a clear privacy policy that explicitly states "files are processed in browser" (some, like ezyZip and Encrypt-Files.com, claim this).

The Single Biggest Mistake: ZipCrypto vs AES-256

This is the one section I'd ask you not to skip.

The ZIP format supports two encryption schemes:

Scheme	Cracks in…	Use it?
ZipCrypto (legacy)	Seconds to minutes for an 8-char password, given the right tool	No
AES-256	Thousands of years with current computing	Yes

ZipCrypto has been publicly broken since 2003 — there are well-known attacks (Biham & Kocher, ZIP plaintext attack) that can recover the password very fast under common conditions like having any single known-plaintext file in the archive. If the attacker has even one file they know is in your zip (a .DS_Store, a Thumbs.db, a stock README), they may recover the password without brute-forcing it at all.

AES-256 doesn't have these problems. It's the encryption standard NIST published and the NSA approved for top-secret data (NIST FIPS 197). A brute-force attack against a 256-bit key would take a number of years with more zeros than there are atoms in the observable universe.

So: when you password protect a ZIP, ALWAYS verify the encryption method is AES-256. In 7-Zip it's a dropdown. On the Mac/Linux built-in zip, you literally cannot pick AES — use 7-Zip's CLI instead.

Caption: This dropdown. This is the one. If it says ZipCrypto, your password is theatre.

How to Choose a Password for a ZIP File

A ZIP password is symmetric — the same string encrypts and decrypts. So the password's strength is the encryption's strength in practice. AES-256 with the password "1234" is no stronger than "1234" itself.

What works:

Length over complexity. A 20-character passphrase like correct-horse-battery-staple-2026 is stronger than P@ssw0rd! and easier to dictate over the phone.
Different from any password you reuse. If your work email password ends up in a breach, you don't want it unlocking sensitive ZIPs too.
Communicated through a different channel. Email the ZIP, text the password. Or vice versa. Never send the password in the same email as the file — that's the equivalent of leaving the key under the doormat.

What doesn't work:

Anything in a dictionary
The name of the project, client, or company
A pattern like "Document2026!"

If you need to generate one, any password manager will do it. Or use Bitwarden's free password generator.

When a Password-Protected ZIP Is the Wrong Answer

ZIP encryption is great when you and the recipient both have unzipping software, when the file is sized for email or a single download, and when you only need to defend against casual interception. It's the wrong answer when:

The file is over a few hundred MB — you need a real file transfer service, not an email attachment. See my guide on sending large files securely.
The recipient is non-technical and might struggle with "use 7-Zip to extract" — use a service with browser-side download instead.
You need access logging, expiry, or revocation — ZIPs are file-and-forget. Once they leave your machine, you have no control.
You're handling regulated data (PHI, PCI, classified) — a password-protected ZIP isn't sufficient on its own. You need a managed transfer with audit trails.

For everything in those buckets, a secure share link from a service like Uploadex — with AES-256 at rest, link expiration, and a download cap — is usually a better workflow. The encryption is automatic, the audit trail is built in, and the recipient just clicks a link.

FAQ: Password Protecting a ZIP File

Can I password protect a ZIP file in Windows 11 without installing anything?

No. Windows 11's built-in "Compress to ZIP" feature creates ZIPs but does not support password protection. You must install a third-party tool — 7-Zip is the recommended free option.

Is a password-protected ZIP file actually secure?

If — and only if — you used AES-256 encryption and a strong password (16+ characters, not in any dictionary), then yes, the ZIP is effectively unbreakable by brute force. If you used the default ZipCrypto, it can be cracked in minutes with off-the-shelf tools.

How do I unzip a password-protected ZIP file?

On Windows, install 7-Zip or WinRAR — they'll detect the encryption and prompt for the password. On Mac and Linux, double-click the file (built-in tools support ZipCrypto). For AES-256-encrypted ZIPs on Mac, install Keka or 7-Zip via Homebrew.

What's the difference between a password and encryption on a ZIP?

The password is what you (and the recipient) type. The encryption is the algorithm that uses your password to scramble the file's contents. AES-256 is a strong encryption algorithm; ZipCrypto is a weak one. A strong password with weak encryption is still weak overall — both need to be strong.

Can I password protect a single file without zipping it?

For PDFs, yes — Adobe Acrobat and most PDF tools let you password-protect a PDF directly. For Word/Excel, File → Info → Protect Document. For any other file type, the cleanest answer is to ZIP it with a password.

How do I send a password-protected ZIP file by email?

Most email providers block ZIP attachments by default (especially those containing executables). Two cleaner options: (1) attach the ZIP and send the password by a different channel like SMS, or (2) skip the ZIP-by-email approach and use a file-sharing service with password-protected links — same security, fewer spam-filter rejections.

What is the strongest encryption I can use for a ZIP file?

AES-256 is the strongest encryption supported by the ZIP file format and the strongest practical encryption in commercial use as of 2026. It's the standard NIST recommends for top-secret data.

Summing Up!

Password-protecting a ZIP file is a 30-second job once you know the trick: install 7-Zip, set the encryption method to AES-256, use a 16+ character password, send the password through a different channel than the file.

The single mistake to avoid is sticking with the default ZipCrypto setting — that algorithm has been broken for over 20 years and won't survive any real attempt to crack it.

If you find yourself password-protecting ZIPs every week — for client deliverables, contracts, or sensitive documents — there's a more ergonomic workflow: a secure file share with AES-256 at rest, password-protected links, expiration, and a download cap. I cover the exact setup I use in my guide to sending large files securely and the companion piece on online file sharing.

For one-offs, 7-Zip and a strong password are perfect. For workflow, a real file-sharing service is.

Sources: