Just how secure is zipping your files up and protecting them with a password?

ZIP files

I've been using ZIP files for a long time and as a compressed data storage method they were a great idea, but that was a long time ago when storage media cost a lot of money. These days blank CD and DVD disks cost small change and you can pick up relatively cheap reliable hard drives at any decent computer store. So there is really no need to compress a lot of files together to save on space, especially when there is never any guarantee that you will be able to extract your files later.

I wouldn't like to count the number of times that I have revisited a zip archive in order to retrieve a file only to find that the archive is corrupt. At one point it got to the point where I vowed never to use the zip compression format again. That is, until they added data encryption.

ZIP file security

An option when creating a ZIP file (but not available when using the Windows compressed file facility) is to choose to encrypt your files using a password.

While the available encryption is pretty good, the application has several vulnerabilities, so a strong password is always advised. Taking that into account, using ZIP with encryption is a fairly secure method of storing sensitive data, but one I would only really recommend for transporting files on portable media such as a USB memory stick or SD card rather than as a long-term secure storage solution.

Don't forget to carry a copy of the ZIP tool that you used to create the ZIP files as not every ZIP tool can uncompress zip archives created by another.

Offshoreaccounts.txt and naughtygirl.jpg

One issue that I have with zip files is that you can look in a zip archive at the names of the files contained within it, even if you cannot open them. These file names might prove just enough for someone to guess your password or to obtain the information they are after, such as if you are hiding bank files or illegal images.

Don't forget to give your zip-encrypted files generic file names that give nothing away about their contents!
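
To check what an archive gives away before you carry it around, the sketch below (an added example, not part of the original article) reads the archive's directory without any password and reports each entry's name, size and timestamp. The function names are chosen here for illustration, and the sample archive is constructed in memory with its entries only flagged as encrypted, since Python's zipfile module cannot write password-protected entries and the listing never touches the file data.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry data is encrypted


def visible_metadata(zip_bytes):
    """List what can be read from an archive without supplying a password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [
            {
                "name": info.filename,
                "encrypted": bool(info.flag_bits & ENCRYPTED),
                "size": info.file_size,
                "modified": info.date_time,
            }
            for info in zf.infolist()
        ]


def build_sample():
    """Constructed sample: two entries, then flagged as encrypted by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("offshoreaccounts.txt", b"x" * 120)  # revealing name
        zf.writestr("file001.bin", b"y" * 64)            # generic name
    data = bytearray(buf.getvalue())
    # The end-of-central-directory record (last 22 bytes, no comment) holds
    # the size and offset of the central directory.
    cd_size, cd_offset = struct.unpack_from("<II", data, len(data) - 22 + 12)
    pos = cd_offset
    while pos < cd_offset + cd_size:
        (flags,) = struct.unpack_from("<H", data, pos + 8)
        struct.pack_into("<H", data, pos + 8, flags | ENCRYPTED)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        pos += 46 + name_len + extra_len + comment_len  # next directory entry
    return bytes(data)


if __name__ == "__main__":
    for entry in visible_metadata(build_sample()):
        print(entry)
```

Run against one of your own password-protected archives, the same listing shows exactly which names, sizes and dates a finder of the USB stick would see.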

Last word

The use of ZIP to protect sensitive files is OK in my opinion as long as you use a strong password and generic file names. That said, I only recommend using ZIP for the secure transportation of your data on portable storage media and not as a long-term storage solution.

Don't forget to keep backups of your data just in case you lose or misplace your portable storage device, or the zip file becomes corrupt.

Article date: 8th February 2011

