How to Password Protect a Google Drive Folder (2026)

Why there is no password on a Google Drive folder

People search for "password protect google drive folder" expecting a setting buried in the right-click menu. It is not there. Google's security model is built around accounts and permissions, not passwords.

In Google's view, the "password" is your Google account. Access is granted to identities (email addresses) or to anyone with the link. There is no separate passphrase you can attach to a folder. So when you want to lock a Google Drive folder, you are really choosing between three indirect methods. Let's walk each one with exact steps.

Option 1: Restrict sharing to named accounts (the honest default)

This is the closest thing Drive has to "locking" a folder, and for most people it is enough. Instead of a password, you whitelist specific Google accounts. Only those people can open the folder.

Exact steps:

1. Open Google Drive in your browser.
2. Right-click the folder you want to secure and choose Share.
3. Under General access, click the dropdown and set it to Restricted. This is the key step. "Restricted" means only people you explicitly add can open it.
4. In the Add people and groups field, type the exact email addresses of the people who should have access.
5. Set each person's role: Viewer, Commenter, or Editor. For a locked-down folder, choose Viewer.
6. Click the gear icon (settings) in the share dialog and uncheck Viewers and commenters can see the option to download, print, and copy if you want to limit re-sharing.
7. Click Send or Done.

Now the folder is invisible to anyone not on the list. If a stranger gets the link, they hit a "You need access" wall. That is real protection.

The catch: every viewer needs a Google account, and they must be signed into the exact account you invited. Invite jane@company.com and Jane logs in with her personal Gmail, she gets locked out. For a founder sending a folder to a known investor or a lawyer, this is fine. For sharing with a list of 40 people whose email habits you don't control, it gets painful fast.

Option 2: Zip the folder with a password, then upload

If you genuinely need a passphrase, this is the only way to attach one. You compress the folder into a password-protected ZIP archive on your computer, then upload the ZIP to Drive. The password lives in the ZIP, not in Drive.

On Windows (built-in tools won't add a password, so use 7-Zip):

1. Install 7-Zip (free, open source).
2. Right-click your folder, choose 7-Zip > Add to archive.
3. In the Archive format dropdown choose zip (or 7z for stronger options).
4. Under Encryption, type a strong password and confirm it. Set Encryption method to AES-256.
5. Click OK to create the encrypted archive.
6. Upload the resulting .zip to Google Drive by dragging it in.

On Mac:

1. The built-in Archive Utility cannot set a password, so use the Terminal. Open Terminal.
2. Run zip -er locked.zip /path/to/YourFolder and press Enter.
3. Type your password twice when prompted.
4. Upload locked.zip to Drive.

Now anyone who downloads the ZIP must enter the password to open it. Share the file, share the password separately (text the password, don't email it next to the link).

The honest downsides: this is clunky for the recipient (download, unzip, type password, lose any folder structure for editing). It is a snapshot, not a live folder, so updating a file means re-zipping and re-uploading. There is zero visibility: you never learn whether anyone opened it. And if your password leaks once, the file is open forever with no way to revoke it.

Option 3: Password protect the individual files, then share

Sometimes you don't need the whole folder locked, just the sensitive files inside it. Drive handles this differently per file type.

For PDFs: encrypt the PDF itself with a password before uploading, using Adobe Acrobat, Preview on Mac (Export, then "Encrypt"), or a trusted desktop tool. Once it carries a password, it stays protected even after upload. We cover the full process in how to password protect a PDF.

For Google Docs and Sheets: native Google formats cannot take a file password. What you can control is the published link. Steps to limit exposure:

1. Open the Doc, go to File > Share > Publish to web only if you want a public read-only version. Otherwise skip this entirely.
2. Use Share > Restricted and add named accounts (same as Option 1).
3. In the share settings gear, turn off download, print, and copy for viewers.

This reduces, but does not eliminate, leakage. A determined viewer can still screenshot. See how to password protect a Google Doc for the full set of tactics, and how to add a watermark to Google Docs if your real goal is deterrence and traceability rather than a hard lock.

Original asset: the "lock down a Drive folder" checklist

Copy this, run it top to bottom before you send anything sensitive from Drive.

DRIVE FOLDER LOCKDOWN CHECKLIST
[ ] 1. Set General access to "Restricted" (not "Anyone with the link")
[ ] 2. Add only exact email addresses that need access
[ ] 3. Set every external person to "Viewer" (never Editor)
[ ] 4. Uncheck "Viewers can download, print, copy" in settings gear
[ ] 5. Confirm each invitee uses the Google account you actually invited
[ ] 6. For a true passphrase: zip with AES-256, share password out-of-band
[ ] 7. PDFs inside: encrypt them individually before upload
[ ] 8. Remove anyone who no longer needs access (re-open Share, click X)
[ ] 9. Audit access quarterly: open Share, review the full list
[ ] 10. Decide: do you need to KNOW who opened it? If yes, Drive can't tell you.

That last line is the whole problem with Drive for sensitive sharing. Items 1 through 9 control who can get in. Item 10 is the question Drive cannot answer.

What a folder password is really trying to do

Step back from the mechanics. When someone wants to password protect a Google Drive folder, they almost never want a literal password for its own sake. They want one or more of these:

• Control: only the right people get in.
• Revoke: shut off access the moment a deal dies or someone leaves.
• Expiry: access that ends on a date, automatically.
• Audit: proof of who opened what, and when.

A ZIP password gives you exactly one of those (a weak version of control) and none of the rest. Restricted sharing gives you control and revoke, but no expiry and no audit. That gap is exactly where a purpose-built tool wins.

The cleaner alternative: a controlled Plox link or data room

Plox is built for the job a folder password is faking. Upload your files, and instead of a folder you share a link that you actually control. The link never changes; you can swap the underlying file anytime.

What you can turn on, per link, in the Plox dashboard:

1. Passcode: open the link's Security settings and set a passcode. This is the real "password on a folder" people are searching for, except it works in the browser with no ZIP utility and no Google account required from the viewer.
2. Email verification: require viewers to verify their email before the documents load, so you know who is on the other side.
3. Expiry: set an expiry date or revoke access in one click from the link's settings. Deal off? Kill the link instantly.
4. Block downloads: serve a view-only experience so files can't be saved or forwarded.
5. Dynamic watermarking: stamp every page with the viewer's email and a timestamp, applied per viewer, so a leaked screenshot traces straight back to its source. More on that at dynamic watermarking.
6. Analytics: see who opened the link, how long they spent on each page, completion percentage, and get a real-time notification the moment someone views it.

For a whole folder's worth of files, create a virtual data room: organize documents into folders, add branding, and let Ploxie, the built-in AI assistant, answer viewer questions straight from your documents. A founder raising a Series A can send one data-room link to ten investors, watch exactly which sections each one read, and revoke the deal-killer's access without touching the other nine.

Plox has a genuine free plan: secure links, page-by-page analytics, and real-time notifications, no credit card, no time limit. Passcodes, watermarking, and data rooms sit on the paid tiers, and there's a 14-day Data Rooms trial. Pricing is flat and published; you never book a sales call.

Comparison: ZIP password vs restricted sharing vs Plox link

Dimension	Password ZIP in Drive	Drive restricted sharing	Plox link / data room
Real access control	Password on archive only	Strong, by named account	Passcode + email verification
Revoke access after sending	No (password is permanent)	Yes, remove the person	Yes, one click, link dies instantly
Link expiry / auto-cutoff	No	No	Yes, set a date
Analytics (who opened, time per page)	None	None	Page-by-page + real-time alerts
Watermarking per viewer	No	No	Yes, dynamic per-viewer
Block download / print / copy	No (whole point is download)	Partial (toggle, screenshottable)	Yes, view-only mode
Viewer needs a Google account	No	Yes	No
Live file updates after sharing	No, re-zip and re-upload	Yes	Yes, swap the file, link stays
Ease for the recipient	Low (download, unzip, type)	Medium (must use right account)	High (open link, enter passcode)
Best for	A single static file with a passphrase	Trusted, small, internal sharing	Sensitive sharing you must control and audit

Where Drive is genuinely the right call

Be fair to Google. For sharing a folder of vacation photos with family, a team's shared working files, or a draft with a co-founder you talk to daily, Drive's restricted sharing is excellent and free. It is fast, everyone already has it, and collaboration is real-time. You do not need passcodes, watermarks, or analytics for low-stakes sharing among people you trust. Reaching for a separate tool there is overkill.

The line to watch: the moment the audience is external, the stakes are real (a fundraise, a diligence process, an M&A folder, customer data), and you would care if a file leaked or want to know who actually read it. That is when Drive's missing controls start to hurt and a purpose-built link earns its keep.

Where Plox is not the best fit

One honest limitation: Plox is built for controlled sharing and distribution, not for live multi-editor collaboration. If two people need to edit the same spreadsheet at the same time with cursors flying around, that is Google Sheets' job, not Plox's. Use Drive to create and co-author, then use Plox when it is time to send the finished, sensitive version to people outside your trust circle. The two tools complement each other; Plox is the secure outbound layer, not a replacement for your working drive.

Frequently asked questions

Can I password protect a Google Drive folder without any extra software? Not with a true password. The closest no-software option is setting the folder to "Restricted" sharing and adding specific email addresses, which gates access by Google account rather than a passphrase. For an actual password you need to either zip the contents with an encryption tool first or use a sharing tool that supports passcodes natively.

Will a password-protected ZIP stay protected inside Google Drive? Yes. The encryption lives in the ZIP file itself, so it does not matter that the file sits in Drive. Anyone who downloads it still has to enter the password to extract the contents. The downside is that there is no way to revoke that password later, no record of who opened it, and you lose the live-folder experience.

How do I stop people from downloading files in a shared Drive folder? In the folder's Share dialog, click the settings gear and uncheck "Viewers and commenters can see the option to download, print, and copy." This discourages casual downloading, but it is not airtight: viewers can still screenshot, and it only applies to viewers, not editors. For a true view-only experience with download fully blocked, use a document control link that serves the file without a download path.

Can I see who opened my Google Drive folder? On a standard personal Google account, no. Drive does not show you view-level analytics for shared folders. Some Google Workspace editions surface limited audit logs to admins, but not per-page reading data for a casual share. If knowing who opened what (and for how long) matters, you need a link with built-in analytics rather than a Drive folder.

Is restricted sharing in Google Drive secure enough for investors? For an early, trusted relationship, it can be. But fundraising usually means sending the same materials to many investors, controlling access as the process moves, and watermarking sensitive financials. Restricted sharing offers none of the expiry, audit, or watermarking those situations call for, which is why most founders move to a data room once a raise gets serious.

What is the fastest way to share a folder with a password to non-Google users? Skip Drive's account model entirely. Upload the files to a Plox link or data room, set a passcode in the Security settings, and send the link. The recipient enters the passcode in their browser with no Google account and no ZIP utility, and you get a record of who opened it.

Lock down what you send, not just where you store it

Storing files in Drive is fine. The risk is in how you send them. If you are sharing anything you would mind seeing leaked, stop trying to bolt a password onto a folder that was never built to have one, and send a link you actually control instead. Set up a passcode-protected, expiring, watermarked Plox link in about a minute, on the free plan, and watch exactly who opens it.