Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Can I Password Protect a Folder?

//
Can I put a password on a folder so only I can see its contents?

Yes and no, and probably not in the way you’re imagining it.

You can do something similar to password-protecting it using Windows security features, but success depends on using the computer the “right” way. I don’t really recommend it. If you have something you want to password protect and keep secure, I recommend a different approach.

Become a Patron of Ask Leo! and go ad-free!

Windows security

Windows allows you to place restrictions on who can do what with a folder or file. In Windows File Explorer, right-click on a folder. Click on Properties and then click on the Security tab.

Folder Security Properties

Here you can see the security properties of a folder on my machine called “SecretFolder”.

You can control who has access to that folder. By default, any “Authenticated Users” — users with login accounts on this machine — can examine the contents of that folder. I can remove that and further restrict access on an account-by-account basis.

It’s actually very powerful, but complex.

The problem, from my perspective, is that it’s based on Windows user accounts. If you give your own account full access to the file, as I assume you would, then anyone who can log in to the machine as you can immediately access the file. There’s no real password on the folder; it’s your ability to log in to Windows using your login password that controls access to the file.

For many who use Windows in what I’d call “the Windows way” — different login accounts for different users, and always logging out when you’re not using the machine — that might be enough.1 For example, in a corporate environment, this might be the recommended approach.

I prefer a different approach: encryption. There are two options I’d consider.

VeraCrypt

For many years, my approach was to use the free open-source tool VeraCrypt to create an encrypted volume.

An encrypted volume is a single file on your computer’s hard drive. If someone looks at the file, they have no way to view its contents.

Once you “mount” the file using VeraCrypt, supplying the correct pass-phrase to unlock it, the contents of the file appear as another drive on your system.

For example, I might have a file “C:\Users\LeoN\secretstuff.vc”. There’s nothing you can do with that file without VeraCrypt and the passphrase to the file. Since I know the passphrase, I can mount it using VeraCrypt, and suddenly a new drive appears — say drive “P:”. That drive contains all my protected files. I can change them, update them, delete them, or do whatever I want with them. Once I’m done, I can hide them all again by unmounting the VeraCrypt drive.

It’s both simple and elegant.

It’s also not tied to Windows user accounts or anything else. In fact, you can copy your encrypted file to another machine entirely and mount it with VeraCrypt. You can even mount it on other systems, such as Macs and Linux machines.

Cryptomator

Cryptomator (which is conceptually very similar to BoxCryptor) works very similarly to the process I just outlined for VeraCrypt, except each file is encrypted separately. Rather than a single encrypted volume, you’ll have many individually encrypted files and folders. When you “mount” the encrypted folder — once again specifying a passphrase to unlock it — the unencrypted version of that folder appears as an additional drive on your system.

Cryptomator is designed for encrypting files placed in cloud storage. Encrypting them individually allows them to be uploaded to cloud-storage systems individually, rather than needing to upload an entire VeraCrypt volume every time any file changes.

But there’s nothing that says you need to use it in conjunction with cloud storage.

For example, I might have a folder “C:\Users\LeoN\SecretFolder” on my machine. Its contents appear as randomly-named files and folders, each containing only random, encrypted data. When I mount that folder using Cryptomator, specifying the correct passphrase, a new drive appears on my machine — say drive “P:” again. That drive contains all the unencrypted files and folders within SecretFolder. I can change them, update them, delete them, or do whatever I want with them. Once I’m done, I can hide them all again by simply unmounting the folder in Cryptomator.

Encryption is the answer

Password protection isn’t enough. What you really need to protect your files is encryption. Solutions like VeraCrypt, Cryptomator, and others are the safest ways to ensure your data remains secure.

Podcast audio

Play

Footnotes & references

1: I’d probably want to add Bitlocker or Windows’ own file encryption, so the file is actually encrypted on disk, and only decrypt-able by the login account that encrypted it.

53 comments on “Can I Password Protect a Folder?”

  1. I have a USB drive, pen drive, whatever you call it. I need to password protect a folder, insert all kinds of data into that folder, so all my data is password protected through the main folder. And I will need to use those files on a bunch of PC’s, so no 3rd party SW can be used. Can anyone tell me how I can accomplish this?

  2. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    Look into what’s called “Traveller Mode” for Truecrypt.

    There’s no way to do what you want natively in Windows and have it be able to
    travel from machine to machine.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFHEqowCMEe9B/8oqERAs2AAJ437lQymXlAxvJcLEdOaQN2Fg3hjgCgjq8S
    7jd+Oi3jI2AFjHrlTlrExsg=
    =+89g
    —–END PGP SIGNATURE—–

  3. I think using windows features to paasword protect a file(s) is ok, but there is always work arounds on stuff created by microsoft. I agree with Leo that a third party SW is the best security you can get. Hopefully it not packaged with a trojan/worm. πŸ™‚

  4. My situation is just a tad different and I was hoping you might have a recommendation for me.

    I have some online web forms that collect data from users that will out the forms. The information is then stored in a particular folder on a web server. I need the web forms to be able to write to the folder .. so the data can be saved, but I don’t want anyone (that either doesn’t have the appropriate permissions or a password) to look into the folder. So it needs to be able to write to the folder from my web forms, but it needs to prevent anyone that doesn’t have permission to even look into the folder.

    Any thoughts on the best way to handle this?

    Thanks,
    Gary

    • Another suggestion is to not use “flat” files to store user inputs, but a small (SQL?) database which can offer additional security .

  5. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    Depends on the server type, but that’s typically done with
    simple account-level security. Set the permissions so that
    only the account running the web form can read or write to
    the file.

    Alternately, if the data is highly sensitive, you could
    encrypt it with public key encryption, making sure that the
    decryption key is not kept anywhere on the server.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFIYZbACMEe9B/8oqERAn5QAJoD1qvoRemGHvh544gcX+6VgrW4UQCfdtWr
    Bl/VDZ6VMYeZxl5OvC3DMsU=
    =xgvO
    —–END PGP SIGNATURE—–

  6. just remember that the restrictions are not applicable on a FAT drivers but on NTFS drivers

    thx for this great site.

    • The bat file did not work, I wrote the contributor about the error message that I keep getting when running this bat.
      Here is what I wrote him:
      This bat file does not work, here is the error message that I very quickly took of the window snapshot with PrintScreen as it disappears in just a second:
      β€œThe system cannot find the batch label specified – End”
      Can you fix this?:

  7. Hi,

    I dont know what really happened to one of my personal folders in my computer in the office. All my private stuffs are there. All of a sudden it was unaccessable. I can’t open nor delete it. What I know is that only the Administrators can do that.

    I have certain files there, that is very confidential. Im thinking of making a new folder, and then putting there the unaccessable folder and put up a password or do i have any options to keep it from being accessed.

    Could I use the TrueCrypt?

    I hope you could help me, as soon as possible.

    Thank you very much.

  8. Leo, how can I uninstall TruCrypt? After installing this software I realized that it is not what I was looking for. I deleted it from my comupter (or so I thought) and performed a system restore function, but I am still missing 100 GB from my C drive, which I allocated for this function. I would like to have that space back in the C drive. Please advise on how I can get it there. Thank you – Robert

    My guess is that you created a TrueCrypt container after you installed TrueCrypt. Simply track that down and delete it.

    – Leo
    24-Nov-2008
  9. All this is good, True Crypt does give security. But the True Crypt file itself is vulnerable: if the file is in the My Documents folder, say data.tc, anyone can see its there and delete it, and with that, all the data is also lost, isn’t it? So is there any way to prevent a person who has physical access to the system to be unable to see or delete a particular file (except for formatting, where everything is lost)?
    Thanks.

    Not really. If someone has physical access all bets are off. This is why the single file is also very handy: it’s extremely easy to back up, and should be backed up regularly.

    – Leo
    19-Jan-2009
  10. Truecrypt is indeed the most secure container as Leo said. It uses military grade blowfish 256 [ 128 ] des encryption to format an area on the hard disk. It uses next to nothing in resources, is totally transparent and mounts/unmount’s in a flash. The only fly in the ointment is if you decide you no longer need the ‘container’ wiping it off the HD will only render that portion the container used – unreadable since it now has no regular format. Effectively, it is lost HD space unless you reformat that section with a utility and then either give it a drive letter or use something like partician magic to reclaim that bit of HD.
    I have been using TC for yonks to store my invention circuits and even if I decide to wipe it out [ the files NOT the container ] the space is still there to use even if it doesen’t HAVE to be encrypted. It would just mean I have to mount this drive with TC to use it for anything else. Since TC can be used on ANY drive [ rewritable DVD or stick drive ] and you think there will come a time when you don’t need a TC file – make the container on a 4-8 -16GB stick drive and just plug it in to a USB slot. This makes the files ultra safe as the stick can be removed and stored elsewhere in case the PC does a flame out and trashes the hard drive totally [ happen to me once ].

  11. it seems that the protocol used by winsesame is beter than truecrypt and a professional version has a function to protect against deleting the folders protected by the program a sort of UAC protection for this sort of documents. this program has also diskweeper and memoryweeper functions. good for paranoia.

  12. John
    If you delete a TrueCrypt container file once it is dismounted then you do not lose that space on the host filing system. Even a container file sits within the filing system and Windows treats it like any other file whether it’s encrypted or not. So deleting it is no different to deleting any other file.
    Will

  13. Yes in fact winsesame is the best soft for password protect folers. It works on external drives usb flash drives or network. The folders can be send by email attachment. This soft can be downloaded from the site http://www.winsesame.com
    There is a free version for folders less than 1Mb which is enough for everyday use.

  14. Leo, Is what Johns saying above about lost HD Space correct with regard to Truecrypt?

    It’s unclear exactly what his point is.

    If you delete a TrueCrypt container, that space is returned to the filesystem.

    If you delete files within the container, that space is returned to the available space within the container.

    – Leo
    06-Apr-2009
  15. I have two queries

    1) If i uninstall truecrypt then will anyone will be able to access the folder.

    2) Can i encrypt the folder and store in my portable Hard disc or Flash drive etc.

    N.B- If i want to view encrypted folder in a new machine i have to install the s/w in that machine

    1) No. Your encrypted containers remain encrypted. Without Truecrypt installed even you will not be able to access them. 2) Absolutely, I do this all the time. NB) Check out the truecrypt documentation, they have a way to install on a portable drive.

    – Leo
    21-Apr-2009
  16. Do you have any solution for adding a password to access the internet or to open a folder? It’s a shared computer at work that I want to prevent free access to the internet without restricting access to sites once enabled. Also something similar for a folder that any file could go into and only be opened by password. I only know of password protecting a Word document.
    Thank you

  17. With TrueCrypt can you also password protect pictures? >jpg or??? If not is there a program that hides them from little eyes?

    With Truecrypt you create an encrypted container, and into that container you can put whatever you like.

    Leo
    26-Nov-2009

  18. Just to be on the Safe Side, if you’re going to delete a TruCrypt Container (or any other encrypted file, for that matter) you might want to consider using a File Shredder as well. A little Paranoia never hurt anyone! πŸ™‚

  19. I also use the Open Office Org programs that have the ability to assign a password when saving the file thereby making it necessary to enter the password to open the file.

  20. I also use the Open Office Org programs that have the ability to assign a password when saving the file thereby making it necessary to enter the password to open the file.

  21. Thanks for the nice article … My problem is that I don’t see the “Security” tab in the “Properties” dialog box of my folders. Only “General”‘ “Sharing”‘ and “Customize” are there…
    Any syggestions please!!!
    Thankyou!!

    You’re probably running the “Home” version of one of Windows OS’s. XP Home, for example, does not include the security tab (except in Safe Mode, I believe).

    Leo
    14-Jul-2010

  22. I am using Windows XP Professional and my properties does not have the security tab either. Can I use TrueCrypt on an external hard drive that is shared?

    You can, but I would run TrueCrypt on one machine – the one with the drive attached – and then share the mounted volume. I would not expect Truecrypt running on two machine trying to mount the same volumn to work well if at all.

    Leo
    10-Nov-2010

  23. Possibly a dumb question, but if you have more than one OS on a machine and you want to sucure files between them, would that be a separite install for each OS? If so, could more than one installation of TrueCrypt on the machine cause any problems?

    You could install TrueCrypt on each OS just fine. As long as the container file was accessible to both it could be mounted in either.

    Leo
    29-Dec-2010

  24. Hi,
    I secured my folders on Windows and changed my OS to linux, now I can’t access them. Can you let me know how I can access them from linux?

    It all depends on HOW you secured them. If you used Windows built-in encryption, then you cannot access them from Linux.

    Leo
    14-May-2011

  25. can you have different password with different folders?

    Please read the article – your question actually doesn’t quite make sense given the information presented in the article. Certainly different user accounts can have different passwords if you go that approach, and different TrueCrypt volumes can have different passwords if you elect to use that.

    Leo
    23-Oct-2011

  26. why is my “Encrypt contents to secure data” button not clickable?

    Typically that means that either the filesystem is formatted FAT32, which does not support encryption, or you’re running the Home version of Windows, which doesn’t include it.

    Leo
    23-Oct-2011
  27. @Jebbie
    You can create as many TrueCrypt containers as you want, each with a different password. If you use the Windows built in method, you are limited to the password used to log in to Windows.

  28. @Patrick
    You haven’t given enough information to begin to answer your question. Which password did you forget, program, email, windows log-in? Some have recovery options some don’t. If you forget a Truecrypt password, for example, it’s lost forever.

  29. @Mak
    If a file is deleted it normally goes into the recycle bin. If the recycle bin has been emptied or the file has been deleted bypassing the recycle bin, it can often be recovered if it hasn’t been rewritten using Recuva.

    But an ounce of prevention is much better than a pound of cure: Keep a current backup of all of your data.

  30. Downloaded and installed and attempted to follow the tutorial with more than one attempt. Various windows appeared not in tutorial and finally gave up to search for something that did not require a geek brain to operate. 0/10 and I do not consider myself a newby.

  31. Most of the above methods/procedures are quite elaborate.
    Most people have Winzip or Winrar on their machines.
    Just Right click your folder and select Add To Archive, enter a password and hit OK.
    Pretty simple and takes all of 90 seconds, works for me.
    What do you think Leo?

    • Actually in my experience most people don’t have Winzip or Winrar. The problem is that you must then delete the files you zipped (to protect them), and unzip then every time you want to use them, remembering to re-zip and delete every time you make a change. That’s also pretty cumbersome.

  32. …related to the theme of folder protection by password, I use FlashCrypt, and it is exactly what it is about ….free and very simple program, which, after installation, is located in the right-click menu … you can choose any folder, click on protect with FlashCrypt, enter a password, and then choose whether or not the original folder is deleted or left in the same place …. it is recommended to delete the original and when you need it just specify that folder and decrypt …. enter the same password, and everything is in here … of course, it is important not to forget the password, because then there is no return … but, definitely, my first choice … simple, and at the same time very functional ..

  33. I’ve never encrypted anything because of a single fear … what if the encryption algorithm fails? I might be showing naivety here but I’ve had compression algorithms fail so I’m afraid to use encryption for the same reason. If I understand correctly, a corrupt encrypted file is worthless and lost forever, yes?

    • Typically, yes. Encryption failure is rare, but … this is also why we back up. If there’s only one copy — encrypted or not — then you’re not backed up and are at risk of losing it.

  34. Geez all seems so difficult in comparison to the software that is already on Western Digital external drives these days. Took seconds to just pick a password for the drive, when you mount it anywhere it asks for the password, simple. Don’t know if it has encrypted anything but It definitely didn’t sit there with any progress bar showing encryption happening.
    My seagate didn’t have any security software on it like the WD drive did.
    Is there any software to put on my external seagate drive and do the same thing without having to encrypt everything? Just want a darn simple password option -weaker than encrypting for sure but is this possible?

    Thanks;)

    • Encryption is a complex mathematical process which uses the CPU intensively. That’s why it takes a long time. Any non-encryption password would be trivial to crack. I’d compare it to a padlock from a dollar store, good just to keep the honest people honest.

      • That would be great, all I’m looking for to keep kids from opening folders or a drive. Western Digital has pre loaded security tools so it was simple minute to set up password that locks whole drive without many hours encrypting. I don’t see Veracrypt having that simple folder lock by password option without encrypting it all, am I wrong on that? (I’m worried about encryption going bad tho rare)
        How about a free version simple one like Folder Lock I found on File Hippo? Ah geez just tried that one and you have to make a container on your computer then ‘convert’ it to a portable container then copy to external drive. My external drive is almost full 1 TB all in one folder and I don’t have that material on my computer. Isn’t there software just to add to the drive that will ask for a password same as the virtual cd pop up asking for a password up that happens when you’ve used the western digital pre installed software on their drives?
        thnx for help;)

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.