March 24, 20265 min read

How to Password Protect Any File — PDF, ZIP, Word, and More

What password protection actually does for PDFs, ZIP archives, and Office documents — including the methods that work and the ones that are theater.

password protection encryption security PDF privacy

Not all password protection is created equal. Some methods use military-grade encryption that would take billions of years to crack. Others are essentially a polite "please don't open this" sign that any free tool can bypass in seconds.

Knowing the difference matters, especially when you are protecting financial records, legal documents, medical information, or client data.

PDF Encryption: The Gold Standard for Documents

PDFs support two levels of password protection:

Owner password (permissions password): Restricts printing, copying, and editing. This is security theater. The actual file content is barely encrypted, and dozens of free tools strip owner passwords instantly. It stops casual users but not anyone with 30 seconds of motivation. User password (open password): This is real encryption. The document cannot be opened at all without the password. The content is encrypted with either:

128-bit AES — Strong. Would take current supercomputers an impractical amount of time to brute-force with a long password.
256-bit AES — Stronger. The standard for sensitive documents. Used by government agencies and financial institutions.

When you protect a PDF with MyPDF, you are applying user-password encryption with AES. The file is genuinely unreadable without the password. Important caveat: Encryption is only as strong as the password. "password123" with 256-bit AES is still crackable in minutes through dictionary attacks. Use at least 12 characters with mixed case, numbers, and symbols.

ZIP File Encryption

ZIP archives support two encryption methods:

ZipCrypto (Legacy): The default in Windows' built-in ZIP. It is from the 1990s and is cryptographically broken. Known-plaintext attacks can crack it in minutes if an attacker knows the content of even one file in the archive. Never rely on this for sensitive data. AES-256 (via 7-Zip, WinRAR, or similar): Genuinely strong. If you need to send encrypted files as a ZIP, use 7-Zip with AES-256 encryption. It is free and the encryption is solid.

To create an encrypted ZIP with 7-Zip:

Select files, right-click, choose 7-Zip > Add to archive

Set archive format to zip (or 7z for better compression)

Enter a password under "Encryption"

Set encryption method to AES-256

Check "Encrypt file names" if using 7z format

Microsoft Word and Excel Protection

Office document protection has three layers, and people confuse them constantly:

"Mark as Final": Does absolutely nothing security-wise. It is a suggestion. Anyone can click "Edit Anyway." "Restrict Editing" / "Protect Workbook": Prevents modifications but does not encrypt the file content. The protection can be removed by editing the XML inside the DOCX/XLSX file (they are just ZIP archives). This stops accidental edits, not intentional ones. "Encrypt with Password" (File > Info > Protect Document > Encrypt with Password): This is the real one. Office 2016 and later use AES-256 encryption. The file cannot be opened without the password. This is legitimate protection, comparable to PDF encryption. Bottom line: If you are just preventing accidental edits, use Restrict Editing. If you are actually protecting sensitive content, use Encrypt with Password — or better yet, convert to PDF and encrypt that for broader compatibility.

What Password Protection Does NOT Do

Even strong encryption has limits:

It does not prevent screenshots. Once someone opens the file with the correct password, they can screenshot, photograph, or transcribe the content.
It does not prevent sharing the password. If you send a PDF and password to the same person, they can forward both.
It does not protect metadata. File names, creation dates, and file sizes are visible even on encrypted files. Name your files carefully.
It does not survive copy-paste. Someone with the password can copy text from the decrypted document into an unprotected file.

Password protection controls access. It does not control what happens after access is granted.

Password Delivery: The Overlooked Step

The most common mistake: emailing a password-protected PDF and the password in the same email thread. If the email is compromised, both are compromised.

Better approaches:

Send the password via text message or Signal
Call the recipient and read the password
Use a pre-shared password established in person
Use a password manager's secure sharing feature (1Password, Bitwarden)

When to Use Each Method

Scenario	Recommended Method
Sending tax documents via email	PDF with AES-256 encryption
Archiving personal records in cloud storage	Encrypted ZIP (7-Zip AES-256) or encrypted PDF
Sharing a contract draft for review	PDF with owner password (prevents casual edits)
Sending medical records	PDF with AES-256 + password via separate channel
Protecting a spreadsheet from accidental changes	Excel Restrict Editing
Storing passwords or credentials	Do not use files — use a password manager

How to Check Your PDF's Encryption Strength

Open your protected PDF's properties (in any PDF reader, usually under File > Properties > Security). Look for:

Encryption method: Should say AES

Key length: 128-bit minimum, 256-bit preferred

If it says "RC4": Re-encrypt the file. RC4 is considered broken since 2015.

Protect PDF — Encrypt PDFs with AES-256
Unlock PDF — Remove password from PDFs you own
Word to PDF — Convert and encrypt in one step
Compress PDF — Reduce file size before encrypting