How to password protect a document
How to make a password protected document and why it is not secure
Learn how to create a password protected document using various software solutions, including choosing a strong password, the drawbacks of password protection, and secure alternatives.
Password protecting documents
Due to the existing popularity of passwords, dozens of software developers have created solutions that can password protect a document against opening. Some can protect any file, others will only encrypt specific file formats, and several protect files in the cloud. Regardless of the implementation, the general process is the same:
- The user chooses a password.
- This is used in combination with an encryption key and algorithm to scramble a document into an unreadable ciphertext. Or, in a cloud implementation, the password prevents access to a specific webpage hosting the document.
- Entering the password reverses this process, allowing somebody to access the plaintext version.
Though some solutions use different encryption algorithms or encryption types, this is the basic principle. We’ll go into more detail in the rest of this blog, covering:
- Choosing a strong password
- Methods to password protect a document
- Why passwords provide weak document security
- Protecting documents without passwords
- Why DRM offers the most complete document security
- Key document protection takeaways
Choosing a strong password
You may already know that password strength is crucial in such a system. Unfortunately, many users have not been fully educated on what a secure password looks like and how strong passwords need to be to avoid cracking. This is completely understandable since the speed at which automated tools can crack passwords is increasing daily.
So, what does a strong password require? At the time of writing, you should follow these guidelines:
- It should be unique (not used anywhere else).
- At least 11 characters with uppercase and lowercase letters, numbers, and symbols, but ideally 14 or more for futureproofing.
- The password should not use any words from the dictionary, names, or other identifiable words or patterns.
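The guidelines above expressed as a checker and generator, added here as an example (it is not code from the original article). The sample word list, the substitution table, and the guess rate passed to `hours_to_exhaust` are assumptions; the search-space figure is an upper bound that only holds for randomly generated passwords.

```python
import math
import secrets
import string

# Thresholds taken from the guidelines above.
MIN_LENGTH = 11
IDEAL_LENGTH = 14

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

# Constructed sample list; a real check would load a full dictionary
# plus names and terms tied to the user or organisation.
SAMPLE_WORDS = {"password", "dragon", "summer", "welcome", "locklizard"}

# Common character substitutions, undone before the dictionary check.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of guideline violations (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    folded = password.lower()
    for candidate in (folded, folded.translate(LEET)):
        hits = sorted(w for w in words if w in candidate)
        if hits:
            problems.append("contains dictionary word: " + ", ".join(hits))
            break
    return problems


def brute_force_bits(password):
    """Upper bound on the search space in bits, assuming random characters.

    Human-chosen passwords fall far below this figure.
    """
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def hours_to_exhaust(bits, guesses_per_second):
    """Hours to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / 3600


def generate_password(length=IDEAL_LENGTH):
    """Draw from the OS CSPRNG until every guideline is met."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

A password such as `P@ssw0rd2024!` meets the length and character-class rules yet is still rejected, because undoing the substitutions reveals a dictionary word.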
Methods to password protect a document
Broadly, we can break the ways to password protect a document down into three categories: file encryption software, cloud protection services, and solutions designed to protect specific file formats. We’ll provide you with several methods to password protect a document in each category, and then discuss the pros and cons of password protection for documents overall.
File encryption software apps & online solutions
File encryption software can encrypt any file with a password, including documents. Its goal is primarily to prevent access by unauthorized users, not to control what users can do with the document or enforce other restrictions.
There are dozens of software solutions and services that encrypt documents, so we won’t cover all of them, but rather a few that take slightly different approaches. However, it is worth keeping in mind that the core principle of any encryption tool is the same: turn the resource into a jumble of numbers and letters unless the user provides the correct authentication. What matters most is how secure that authentication is and which encryption algorithms are used.
How to encrypt a document in Windows
Windows 10 and 11 users can encrypt files in any folder using their operating system’s in-built encryption, provided they have a Pro license.
Note: Windows encryption is not intended to protect documents after they are shared. It only prevents users who gain or have access to your PC from accessing your file without entering your user password. Even so, there are various ways for attackers to bypass this.
Here’s how to password protect a document in Windows step-by-step:
- Right-click the document and choose “Properties”.
- In the “General” tab, click “Advanced…”.
- Tick “Encrypt contents to secure data” and press “OK”. Choose whether you want to encrypt just documents in the top-level folder or those in sub-folders, too.
How to WinZip password protect documents
You can use WinZip to set a password for a document or group of documents in an archive. Software such as 7-Zip, PeaZip, and WinRAR has similar functionality, but using WinZip’s password protection function is simple and intuitive:
- Open WinZip SafeShare and select (or drag) the document you want to password protect.
- On the next step, press the arrow next to “Encrypt file”.
- Choose “Custom password” and type a strong, unique password. We do not recommend using WinZip-generated passwords, as they are only 8 characters long and could therefore be cracked in around 8 hours using rented cloud computers.
How to encrypt a document with file encryption software
File encryption apps work with any file type and can often encrypt individual files (AxCrypt, age, Xecrets), or folders/virtual disks (Cryptomator, NordLocker, AxCrypt, VeraCrypt). We’ll cover AxCrypt, as it can do both:
- Open AxCrypt and press the “Secure” button.
- Browse to the document you want to encrypt and press “Open”.
- AxCrypt will instantly encrypt the document with AES 256-bit encryption to the .axx format.
- Users you share the document with will be faced with a password dialog and will have to log in before they can view your content.
Note that users can share document keys with others via the share interface, and they can also share their login credentials with others.
Cloud services and document protection
Cloud services take a different approach to password protection. As the server hosting the documents is not directly accessible to the user, strong encryption is not mandatory (though, as we’ll cover later, it is still important). Instead, cloud providers can prevent either the download of documents or access to a specific webpage on which the document is embedded. We’ll take a look at a few different cloud-based services below.
How to password protect documents in OneDrive
Microsoft’s OneDrive represents the most common way cloud services password protect files. You have two options to use OneDrive to password secure a document:
- Press the share button and use the “Set password” field.
When you send a link to the document to anybody, they will have to enter the password before they can view or download it.
- Share the document with specific OneDrive accounts.
This is still password protection at its core, with the notable difference that user accounts often employ additional authentication methods such as 2FA on top of the common username/password combination.
We’ll quickly show you how to do both.
How to password protect documents in OneDrive using “Set password”
- Press the “Share” icon next to the document, then click on the pencil and choose “Sharing settings”.
- In the “Set password” field, choose a OneDrive password to protect your document with.
- Press “Apply” and then “Copy” to apply the OneDrive password protection. Users you share the link with will have to enter the password before they can access your document.
How to password protect a document in Google Drive
Google Drive doesn’t have native tools to protect documents with a password, but there are ways around this. You can read how to password protect a Google Doc for more information on this.
How to share with specific accounts in OneDrive
Sharing OneDrive documents with specific Microsoft accounts only takes a few seconds and is more secure if you have control over the accounts you are sharing with. Two-factor authentication and strong, unique passwords on each account will always be more secure than using a single password for everyone you share the document with. However, when sharing with external users, it is important to consider that they may not have the same security standards as your organization. If they are using a compromised or insecure password and do not have two-factor authentication, then sharing with their account could represent a significant security risk.
Additionally, users can share login credentials and two-factor codes (either intentionally or unintentionally) and once they have access to documents can share them via copy-paste, screenshots, printing, etc. This can usually be achieved even if editing is disabled by exploiting the browser’s developer mode.
With that said, here’s how to password protect documents by sharing them with specific accounts in OneDrive:
- Press the share icon next to your document and click on “Sharing settings”.
- Choose “Specific people” and press “Apply”.
- Type the names or emails of the people you would like to have access and press “Send”. They will be emailed a link to the document and will only be able to view it if they are logged in to that account.
Protecting documents using secure data rooms
Secure data rooms take a similar approach to OneDrive, though they tend to emphasize their security more. You rent server space, upload your documents, and users log in to view them in the browser.
Much like a cloud collaboration service, data rooms try to enforce document controls in the browser using JavaScript. However, as we’ll cover later, this is not particularly effective, which erodes both security and other monitoring functionality.
How to password protect a document of a specific format
It can be useful to look at tools to protect specific file formats, as some file types have unique protection measures. In this case, we’ll quickly cover how to password protect a document in Adobe Reader DC as well as how to password protect an Excel, Word, or PowerPoint document.
How to password protect a Microsoft Office document
We have covered how to password protect office applications in detail already in: How to password protect a Word document, How to password protect an Excel file, and How to protect a PowerPoint. As a result, we’ll just cover the process briefly here. Read the linked blogs for more details and analysis.
- With the document open, press “File” in your ribbon, then “Info”.
- Click on the “Protect Document” button and choose “Encrypt with Password” from the list.
- Enter a strong, unique password and press “OK”.
- Enter the password a second time to confirm it. Press “OK”.
Next time you open the document, you will be prompted to enter the password before you can view its contents. Word also allows you to set a password to restrict editing by opening the Review tab of the ribbon and selecting “Protect > Restrict editing”. This is intended to prevent unintentional editing only.
How to password protect a PDF document in Adobe Acrobat DC
Acrobat Pro DC allows you to add passwords to documents, whereas regular Adobe Reader does not. The basic process is as follows:
- Click ‘File’, which is on the top horizontal toolbar.
- Select ‘Open’ by scrolling down the drop-down list.
- Using the file browser window, select the PDF file you want to password protect.
- Press the ‘Protect’ button on the right-hand side.
- Press ‘Advanced Options > Encrypt with Password’ in the top bar.
- When the PDF password security dialog box appears, choose the level of security you want. In the ‘Document Open’ and ‘Permissions’ sections, you can choose whether to set a password only for opening the file (PDF owner password) or a password for making modifications to the content (PDF permissions password). If you only want a password for opening the PDF document, go to the first option and type in the password of your choice.
How to password protect a document on Mac
Mac has document software of its own: Pages, Numbers, and Keynote. These offer basic password protection but also allow you to unlock your documents with Touch ID. Here’s how to password protect a document in macOS using these applications, step-by-step:
- With the document open, press “File > Set Password” in the top toolbar.
- Enter the password as requested and click “Set Password”.
Optionally, tick “Remember this password in my keychain” or “Open with Touch ID”. Users will now need to enter the password to access the document.
It’s important to know that Mac’s Touch ID doesn’t replace password protection in Pages, Numbers, and Keynote. Other users will still be able to access the document by entering the password. Touch ID just makes it so you don’t have to manually type the password each time.
Why passwords provide weak document security
All document password protection solutions share some key security holes that make them unsuitable for use with sensitive and confidential information:
- Passwords are shareable
It’s very easy for authorized users to share a document (or a link to it) along with the password to leak it. They may also do this unintentionally due to a phishing attack or improperly stored passwords. Even user account details and 2FA codes can be shared with others, while IP addresses can be spoofed using a VPN.
- Document passwords can usually be removed by users who are authorized to view them
In Adobe PDF and Microsoft Word, users can just press a button and type the password to create an unprotected copy of the document. This may not necessarily be malicious (it could be for convenience), but it degrades security should they share this copy with others or get hacked.
- When directly removing a password is not possible (such as when using a cloud service or data room), users can create unprotected copies via other means
It’s often simple to bypass copy-paste and printing controls to create copies because JavaScript execution can be modified using the browser’s developer mode. Failing that, users can automate screenshot capture using a plugin and use OCR software to convert the images back into text.
- Password cracking tools are commonplace and powerful hardware can make them quite effective
For meaningful security, you need to use a long, complex, and unique password for each document, which is impossible for users to remember. As a result, secure password management becomes a pain point and a potential vulnerability at scale. And that’s if users even abide by your password rules in the first place.
- If you use cloud services, the server that hosts your document could be compromised
If your provider does not properly encrypt your documents or delete cached unencrypted versions, this would be very serious indeed.
These flaws mean that password protected documents aren’t particularly useful from a security perspective. They don’t stop documents from being leaked, and they rarely prevent hackers who have intercepted documents from breaking in. They may provide some extra comfort for personal files that won’t leave your PC, but you shouldn’t rely on them for anything important.
Protecting documents without passwords
If not passwords, what should you be using to protect your documents? There are various options, but the two main ones are PGP encryption and DRM or Digital Rights Management.
How to encrypt a document with PGP
PGP uses public and private encryption key pairs rather than passwords. You encrypt a document using a user’s public key, and they can only open it if they have the matching, linked private key on their system.
Applications such as FileAssurity OpenPGP and similar make this process relatively simple:
- Open FileAssurity and press File > Key management.
- Press the blue icon to generate a private and public key pair for yourself.
- Enter your name, department, address, and email in the pop-up and press “Generate”.
- Press the yellow key with the green arrow to import the public key of any recipients.
- Close the key manager and select your key and your recipient’s in the dropdowns at the top of the application. Browse to the file you want to encrypt and press the document signing icon to encrypt your file.
Unlike many of the password-based solutions we’ve mentioned today, PGP is a genuinely useful security tool. It often prevents hackers from gaining access to a document when it is in transit or at rest.
However, it is important to understand that PGP is not a tool to prevent unauthorized sharing and does not protect documents during use. The downsides of PGP are:
- Once a user receives and decrypts a document, it is fair game. They can intentionally share it with unauthorized users or unintentionally share it by saving the unencrypted copy to an insecure location or having their device hacked.
- You need to know the recipient’s public key in advance, which is fine for intra-organization sharing but can slow down the process when dealing with outside parties.
- It’s critical that keys are managed securely and effectively, which can be expensive. Organizations must invest in infrastructure to store keys securely, provide support for lost keys, etc.
Digital Rights Management solutions look to address some of these issues.
Why DRM offers the most complete document security
Digital Rights Management (DRM) for documents looks to control not just which users can open documents but also how those users can interact with them. While the effectiveness of DRM solutions can differ, a good DRM solution will:
- Avoid passwords and hide encryption keys from the user so they cannot be shared.
- Lock document access to specific devices and locations.
- Prevent editing and copying and allow publishers to choose whether to enable or disable printing and block screenshots.
- Enable document expiry regardless of where the document is located and based on a variety of factors.
- Allow dynamic, user-identifying watermarks to deter users from taking pictures of the screen with a secondary device or sharing printed copies.
- Allow admins to manually revoke user and document access at any point.
- Track who has opened a document, when, and where from.
Locklizard Safeguard PDF DRM achieves all of these through a combination of AES 256-bit encryption, effective controls, and a dedicated secure viewer application. Once delivered, our documents are only ever decrypted in memory, and users cannot successfully transfer documents or encryption keys to other devices.
You can read more about how Locklizard Safeguard works and how to use it in how to protect PDF files without passwords.
Key document password protection takeaways
In summary, there are six key aspects to consider when protecting documents with passwords:
- Password protection is simple to understand and communicate but comes with risks that many users are still unaware of.
- Passwords are not an effective means of document security. While they provide some protection in transit or at rest, they are vulnerable to cracking, sharing, and removal and do very little to protect a document from editing or copying while in use.
- If you do use passwords, enforce a strict password policy. If your chosen password is not long, complex, and unique, it will be cracked in seconds or hours. You also need to make sure there’s password recovery support for forgotten passwords and that it’s secure, etc.
- If you want to share documents securely, you must also share the password securely. Transmitting passwords by email is not particularly secure.
- PGP encryption only protects documents in transit and at rest. It is good at what it is designed to do, but it shouldn’t be seen as a way to prevent unauthorized sharing or prevent document misuse.
- Document DRM builds on PGP encryption to offer comprehensive document protection. It protects documents in transit and at rest while preventing unauthorized access, sharing, editing, and copying by both internal and external users. With the right DRM solution, encryption keys are transparently and securely managed, and documents are only ever decrypted in memory, leaving no route for misuse.
To see whether document DRM is suitable for your needs, take a 15-day free trial of our PDF DRM software, Locklizard Safeguard. Effective protection, combined with flexible and reasonable pricing, enables businesses to protect their sensitive data, maximize revenue, and gain reliable insight into document usage.
FAQs
Why can’t I open a password protected document?
This is likely because you have the incorrect password or the application you are using to view the document does not support password entry. Check the version of the document and any instructions from the sender.
Is the docx password maintained in OneDrive?
Yes. If you use Microsoft Word to protect a document and then upload it to OneDrive, it will ask users for a password before opening. However, this does not prevent users from making unprotected copies of the document by downloading, copying, or printing it, nor does it stop them from sharing the link and password with unauthorized users.
Why can’t I password protect my PDF?
Likely because it is already encrypted in some form. Check for existing passwords and that you are using an application that supports password protection.
Does Locklizard protect docx or other document formats?
No, we only protect documents in the PDF format. You can export to PDF from most applications.
What’s the best way to create a secure password?
Use a well-known, local password generation program such as KeePass or another password manager. As long as the algorithm is not faulty, this will produce passwords that do not have patterns, are long and complex, and do not contain dictionary words.