How to Password Protect a ZIP File on Mac

Sending a sensitive file over email or cloud storage? Wrapping it in a password-protected ZIP adds a real, practical layer of protection — the recipient needs the password to open the contents, even if the file ends up forwarded to the wrong person or sitting in a shared Dropbox folder longer than intended. Here's exactly how to do it on macOS, the tradeoffs of each method, and how strong this protection actually is.

Does macOS support this natively?

Partially, and this trips people up. Finder's built-in "Compress" option (right-click any file or folder → Compress) creates a ZIP file just fine, but there is no option anywhere in Finder's UI to add a password to it. That capability only exists through Terminal or a dedicated third-party app — a detail Apple doesn't make obvious, since the Compress option looks complete on its own.

Method 1: Terminal (built-in, but fiddly)

macOS ships with the same zip command-line tool used on Linux. Open Terminal and run:

zip -e -r archive.zip /path/to/your/folder

The -e flag triggers an interactive password prompt (typed twice, to confirm). This genuinely works and requires no extra software. The friction is real, though: you need the exact file path, the syntax is easy to get wrong (forgetting -r for a folder, for instance, will silently compress nothing inside it), and there's zero visual feedback while it processes — just a blinking cursor until it's done, with no progress bar for large folders.

Method 2: A free Mac archive app (recommended for most people)

A proper archive utility gives you a password field directly inside the compression dialog — select your files, choose ZIP format, type a password, click compress. With Unzipr, this is completely free with no paywall: there's no premium gate on basic password-protected ZIP creation, since it's a core extraction/compression task rather than an advanced feature.

This matters in practice because password-protecting an archive is the kind of task most people need only occasionally — maybe a few times a year — and don't want to relearn a command-line flag for each time. A persistent password field in a GUI removes that "wait, what was the syntax again?" friction entirely.

How strong is ZIP password protection, really?

This is worth being honest about. Standard ZIP encryption (sometimes called "ZipCrypto," the original encryption scheme built into the format in the 1990s) is better than sending the file unprotected, but it has known cryptographic weaknesses — particularly to a "known-plaintext" attack if an attacker has access to even one unencrypted file that also exists inside the archive. With modern compute power, ZipCrypto-protected archives can be cracked in a realistic amount of time by a determined attacker with the right tools.

Some newer ZIP tools support AES-256 encryption within the ZIP container itself, which is much stronger — but compatibility varies, since older ZIP readers (including some versions of Windows' built-in extractor) may not support AES-encrypted ZIPs correctly.

For genuinely sensitive data — financial records, legal documents, anything you'd be uncomfortable with leaking — consider 7Z format instead. 7Z's encryption is AES-256 by design, with no legacy weak mode to accidentally fall back to, and it's also available as a one-click compression option in the same archive apps that handle ZIP.

A quick checklist before you send a password-protected archive

• Use a password you haven't reused elsewhere — don't expose a password you use on real financial or email accounts.
• Send the password through a different channel than the file itself (e.g. a text message, if the archive went by email) — this defeats anyone who intercepts just one of the two channels.
• For highly sensitive files, prefer 7Z with AES-256 over standard ZIP encryption.
• Don't rely on archive passwords as your only security layer for extremely sensitive data — consider full-disk encryption or a dedicated encrypted container for anything truly critical.

Troubleshooting

• Recipient says the password doesn't work: double-check for trailing spaces or autocorrect changes if you typed the password into Messages or Notes before sending — smart quotes and autocapitalization can silently alter it.
• "Unsupported compression method" error on Windows: usually happens when a ZIP was created with AES-256 encryption and the recipient's extractor doesn't support that mode — fall back to 7Z, which has more consistent encryption support across platforms.

Frequently asked questions

Will a password-protected ZIP work on Windows too? Yes — standard ZIP password protection is cross-platform. The recipient will be prompted for the password regardless of their operating system.

Can someone see the filenames inside a password-protected ZIP without the password? Often yes, for standard ZIP — the file listing itself isn't always encrypted, only the contents. If even the filenames need to stay hidden, 7Z's header encryption option is the better choice (we cover this in a separate guide).

Is it worth password-protecting files I'm storing locally, not just sending? Yes, particularly on a shared family Mac or a laptop that travels with you. A password-protected archive adds a layer of protection beyond your login password alone — useful if someone else gets temporary access to a logged-in session.

Need to do this regularly? Unzipr keeps password-protected ZIP compression completely free, with optional 7Z + AES-256 encryption available when you need stronger protection.