How to Password Protect a Folder or File in Windows

3 ways to password lock a file or folder in Windows

You can password lock a file or folder on Windows devices by using Windows’ built-in folder encryption, downloading external password protection software, or by using full encryption software and lock tools.

1. Use Windows’ built-in folder encryption

The most straightforward (but perhaps least secure) way to encrypt your files is to use Windows’ built-in folder encryption feature, known as Encrypting File System (EFS). This is not available on Windows Home editions and requires an NTFS-formatted drive.

Here’s how to encrypt a file or folder using EFS:

1. Navigate to the folder or file you want to encrypt. Right-click the item, click Properties > Advanced.

2. Check Encrypt contents to secure data > OK > Apply.

   

3. When prompted, choose to encrypt the folder, not just the file. This means that temporary files created when you edit the file will also be encrypted.

4. Click Back up now (recommended) to back up your encryption key and certificate.

   

   If this prompt does not appear:

   1. Press Win + R, type “certmgr.msc” and hit Enter. Click Personal then double-click Certificates.

   2. Find your Windows username. Under Intended Purposes, it should say Encrypting File System. Right-click then hover over All Tasks and click Export.

   3. Skip to step 7.

5. Click Next > Next. Ensure that Personal Information Exchange - PKCS # 12 (.PFX) is selected and the boxes for Include all certificates in the certification path if possible and Enable certificate privacy are checked.

   

6. Check the box next to Password, then enter the password and hit Next.

   

7. Set the location of the backup and click Save > Next > Finish.

Now, when you navigate to the encrypted folder, you’ll see a small lock on the file icon. New content added to that folder will automatically be encrypted as well.

This encryption is tied to your Windows account, so when you’re logged in, the operating system automatically decrypts your files. If someone were to log in through another account, the files would be encrypted and they wouldn’t be able to access them.

However, since your files are accessible through your account, if someone gets unauthorized access to your computer while you’re logged in, this encryption is useless.

A strong password can help keep your account safe, although a cybercriminal may be able to manipulate the Windows password recovery process. That’s why multiple layers of security are essential. Encryption, complex passwords, and antivirus software together provide a stronger defense than any of these alone.

You can also help keep your data safe by installing Avast BreachGuard. If your passwords or other personal data are found to be leaked online, BreachGuard will warn you. That way, you can regain control of your accounts before anyone has the chance to log in with your credentials.

Use Device Encryption or BitLocker

Some Windows Home PCs have a feature called Device Encryption, which allows you to encrypt your operating system (OS) drive and fixed drives. Any files or folders saved to the encrypted drive will be unreadable without your Windows account or a backup recovery key.

Here’s how to use Windows Device Encryption:

• Sign in to Windows using an administrator account. Search for and open Settings via the taskbar, then click Privacy & security. Toggle on Device Encryption.

BitLocker is an advanced tool similar to Device Encryption that allows you to encrypt fixed, internal, or removable hard disks. BitLocker is only available on Windows Pro, Enterprise, and Education.

Here’s how to use BitLocker:

1. Sign in to Windows using an administrator account. If you want to encrypt a removable drive, connect it via USB.

2. Search BitLocker via the taskbar, then open BitLocker Drive Encryption.

3. You will see the drives available for encryption. Click Turn on BitLocker next to the drive you want to encrypt.

4. Choose how to unlock the drive, depending on the drive you’re encrypting:

   1. For an OS drive (C:): Select an option that requires a PIN or startup key. Enter and re-enter the PIN (if prompted), then click Continue.

   2. For a fixed data drive or removable drive (USB): Select Use a password to unlock the drive, then enter and re-enter the password and select Continue.

5. Choose where to store the recovery key:

   1. Save the recovery key to a USB flash drive.

   2. Save the recovery key to a file.

   3. Print the recovery key.

6. Hit Next, then choose Encrypt used disk space only or Encrypt entire drive > Start encrypting.

7. The drive encryption will start automatically and you can continue using the computer. If prompted, click Restart, then enter your PIN or insert your startup key.

Ensure that you keep your PIN or startup key and recovery key safe — if you lose these, you won’t be able to access your encrypted drive. For some computers and encryption options, you must also have TPM (Trusted Platform Module), a Windows security feature on most modern PCs, enabled.

Here’s how to check if TPM is active and enable the feature, if required:

1. Press Windows key + R, type “tpm.msc” and hit Enter.

2. Read the message:

   1. If the message reads TPM is ready for use you can continue your BitLocker setup.

   2. If the message reads Compatible TPM cannot be found you need to enable it, if present, using the following steps.

3. Save and close any open work. Click the Start menu > Power icon > Restart.

4. During the restart process, repeatedly press the key displayed briefly on screen (often F2, Del, ESC, or F10) to enter the system’s BIOS/UEFI settings.

5. Find the TPM setting (look under advanced security settings or trust computing). Set TPM to Enabled and hit Save.

Protect an Excel file

If you want to password protect an Excel file — perhaps one that has sensitive financial information — you can use the built-in Protect Workbook feature.

Here’s how to encrypt and password protect an Excel file:

1. Open the Excel file you want to encrypt. Click File > Info.

2. Click Protect Workbook > Encrypt with Password. Type a unique password and click OK.

3. Type your password again and click OK.

Protect a PDF file

You can password protect a PDF file for free using the Windows’ built-in folder encryption or on the Adobe Acrobat website (requires sign in). Alternatively, if you have a paid subscription to Adobe Acrobat, you can use the desktop app by following these steps:

1. Click All Tools > Protect a PDF > Encrypt with Password > Yes.

2. Select Require a Password to Open the Document, enter a unique password, and click OK.

3. Type your password again and click OK.

4. Click OK on the security message, then save the PDF to apply the changes.

Protect a Word document

Microsoft Word includes a document encryption tool. Enabling this feature requires all users to input a password before they can access the file.

Here’s how to password protect a Word document:

1. Open the Word file you want to encrypt. Click File > Info.

2. Click Protect Document > Encrypt with Password. Type a unique password and click OK.

3. Type your password again and click OK.

Encrypting a Word file from within the app offers strong protection because any copies made from the original that are uploaded to the cloud, shared via email, or found in a backup will still require the password. However, once the file is encrypted, its contents can be copied without restriction.

2. Use password protection software

Unlike EFS in Windows, third-party password protection is not tied to a specific user account. These tools use file-level encryption that requires any user to enter a password before opening the document.

While strong password protection will be enough for most users, if you have sensitive data, then more advanced methods such as third-party encryption tools can be used to safeguard data on Windows 10 & 11.

If you want to know how to lock a folder without moving its location, go with one of these apps:

• Folder Lock: Makes it easy to put a password on a folder, and it can password protect and encrypt files and folders quickly. The software uses Advanced Encryption Standard (AES) 256-bit keys — the same level of encryption you’ll find with many powerful VPNs, like Avast SecureLine VPN. It includes a file shredder and a cloud-based backup solution as well.

• My Lockbox: Is a lightweight tool that works for Windows 11 and 10, and older versions like Windows XP, Vista, and Windows 7. After installation, the tool will ask you to set a location for your locked folder. Great for those who want to know how to lock a folder on their PC with a specific location such as a certain drive.

3. Use full encryption software and lock tools

You can use disk-encryption software for more robust security than just a password. These tools can help protect against advanced brute-force attacks, which try to crack passwords and encryption keys using different combinations.

Full-encryption software adds both password and encryption protection to your files, providing stronger security than either of these alone.

7-Zip

7-Zip is free, open source software that can be used on most Windows operating systems. It’s essentially a file archiver that uses high compression and strong AES-256 encryption.

To secure your data with 7-Zip, follow these steps:

1. Download, install, and open 7-Zip File Manager.

2. Select the file or folder you’d like to protect and click Add.

   

3. Type a file name, then enter and re-enter a strong password. Select AES-256 from the Encryption Method dropdown and click OK.
   

Your file or folder is now compressed, encrypted, and protected. To decompress and access your 7-Zip archive file: Open 7-Zip File Manager and select the file or folder you’d like to open. Click Extract, type the password, and click OK.

VeraCrypt

With support for AES, Serpent, and Twofish encryption keys, VeraCrypt is a free, cross-platform data security tool that comes with full disk encryption and also can encrypt at the volume (folder) level. You can decide whether you want a specific folder encrypted or an entire system.

VeraCrypt works by creating a volume, which is an encrypted folder to house your data. Cleverly, it generates the encryption key using random mouse movements — the more you move the cursor around, the stronger the encryption will be.

You can create a standard volume or for extra protection, a hidden volume. A hidden volume adds a secret second container inside the first one and is favored by users at risk of extortion — the main folder will seem empty, giving the owner plausible deniability.

Here’s how to create a standard VeraCrypt volume:

1. Download, install, and launch VeraCrypt. Click Create Volume.
   

2. Select Create an encrypted file container, click Next > Standard VeraCrypt volume > Next.
   

3. Click Select File and navigate to where you want to store your encrypted container. Click Next.
   

4. Select AES in the Encryption Algorithm dropdown menu and click Next. Type your desired volume size (10 MB should be enough unless you have large multimedia files).
   

5. Enter and re-enter a complex password and click Next.
   

6. Move your mouse until the green bar is full to create a strong encryption key. Click Format.
   

Your first encrypted volume should now be sitting in its designated folder. To add data to your volume, you need to mount the drive — this decrypts the volume so you can copy across files and folders.

Here’s how to add files or folders to your volume:

1. Select a drive on the VeraCrypt home screen, click Select File. Navigate to the folder where you saved your encrypted volume and click Open.
   

2. Click Mount and enter your password. Click OK. Your volume is mounted and should appear in This PC along with your other drives.
   

3. Double-click the mounted drive, then copy across any files and folders you want to encrypt. Click Dismount to close and encrypt the folder again.

AxCrypt

AxCrypt is encryption software that is designed to encrypt individual files rather than whole folders. This makes it a popular choice for users who only want to protect highly specific files and documents, such as those containing financial or other sensitive information. You can use AxCrypt to password protect your files with the following steps:

1. Download, install, and launch AxCrypt. Sign in with your AxCrypt ID. If you don’t have one, you’ll need to sign up.

2. In Windows File Explorer, right-click on the file you wish to encrypt. Select AxCrypt > Encrypt.

3. Enter your chosen password and follow the onscreen instructions to confirm.

WinRAR

A RAR file consists of one or more files that have been compressed into a single password protected file. WinRAR can be used to create, encrypt, and open these RAR files. WinRAR is designed to both zip and lock in one step so you don’t need to create a Zip folder prior to adding a password.

Here’s how to password protect files using WinRAR:

1. Download, install, and launch WinRAR.

2. Select Open from the top menu and choose the ZIP folder you wish to lock.

3. Go to Tools > Convert archives > Compression.
   

4. Select Set Password. Type and re-enter your chosen password, then click OK > Yes.
   

WinRAR is free for 40 days, after which you will be prompted to pay for a license.

The difference between password protection and encryption

Password protection is like locking a highly sensitive document in a safe. The password is the combination that unlocks access to the document. Encryption is like scrambling all the information in that document so it becomes unreadable and can only be turned back into the correct form if you have the special decoder key.

Authentication in this analogy is checking that you know the correct combination to the safe. There are three main types of authentication.

• Knowledge-based authentication: Requires knowledge of a password, PIN, or answer to a security question.

• Possession-based authentication: Requires a physical object, such as an authenticator app, smart card, or special USB drive.

• Inherence-based authentication: Requires something inherent to you and is often referred to as biometrics (fingerprint, face ID, etc.)

Encryption scrambles a document’s data so that it looks like a wall of random characters. To access the document, you need to have a decryption key. Unencrypted documents are stored normally in plaintext, and anyone can read them. Documents encrypted by a user are unreadable to other users, even on the same computer.

Password encryption is a third option that combines password protection and encryption. If someone has the right password to unlock the file or folder, they still won’t be able to read it if they’re not logged in as the authorized user and don’t have the encryption key.

Why password protect files?

You should password protect files to prevent access from unauthorized users. For example, if you share your computer with others, you may want to password protect your files to prevent someone accidentally deleting or modifying an important file. Similarly, if you have a work computer, you might be bound by compliance and data protection procedures to password protect sensitive files and folders.

Why can’t I password protect a folder?

If you’re unable to password protect a folder, it’s most likely because you’re using Windows Home. Certain encryption options, such as EFS and BitLocker, are only available on Windows Pro, Enterprise, or Education.

Even methods compatible with Windows Home, such as Device Encryption, require specific hardware and software.

If you don’t have built-in Windows features that you can use to protect your file or folder, you’ll need to use encryption software.

Managing files and passwords

Now that you know how to password protect and encrypt your files and folders in Windows, all that’s left is keeping your passwords safe and following good security practices.

Back up your data

Consider what might happen if you lose your master password, your encryption software becomes corrupted, or if the files themselves get lost. Backing up your data regularly can help avoid this. Similarly, using a password manager helps back up all your passwords by storing them in one secure location. This means if you forget one, you can easily access it, as long as you remember your master password. You can even clone your entire hard drive to an external storage device.

Some of the tools mentioned above, like Folder Lock, come with their own cloud-based data backup solutions. But you can use Microsoft’s OneDrive or the free Google Drive as well.

Create strong passwords

The biggest challenge with strong passwords is remembering them. But you’re setting yourself up for potential data theft if you create one password to use across all of your accounts. The common alternative — creating simple, easy-to-remember passwords — is just as bad.

Weak and common passwords are easy for hackers to crack using programs that cycle through different key combinations at unfathomable speed. For example, a modern NVIDIA GeForce RTX 4090 can run through an estimated 164 billion hashes (what passwords are often stored as) per second using hashcat, an advanced password recovery tool. The tool itself works by trying a password, hashing it, and then comparing the hashed guess to the stored hash. If they match, then it has cracked the password.

That’s why long, unique, and hard-to-guess passwords are one of the best ways to protect your files and devices against hackers. Use a tool like Avast’s Random Password Generator to create strong passwords.

Keep your new passwords safe and secure

Now that you’ve secured your files with unique and secure passwords, protect all your passwords and accounts with Avast BreachGuard.

With 24/7 dark web monitoring, BreachGuard will alert you if it detects that your passwords or other personal data are leaked, helping you to respond ASAP and stay ahead of anyone looking to compromise your accounts. Avast BreachGuard’s data breach detection also helps you ensure your passwords are strong and sufficiently different passwords that have been leaked in the past.