Password Protect a Google Drive Link
Google Drive does not offer native password protection on share links. Here are the three workarounds that actually work — and when to pick each.
Short answer: Drive doesn't do this natively
Despite years of feature requests, Google Drive has no built-in way to put a password on a file, folder, or share link. The access model is account-based: you either grant access to specific Google accounts or you flip "anyone with the link" on. There is no password gate in between.
That doesn't mean you're stuck. Below are the three workarounds people actually use in 2026, ordered from easiest to most secure.
Method 1 — Wrap the share link in a password-protected short URL
The easiest fix. You leave the file in Drive on its normal "anyone with the link" share setting, then give people a zip1.io short link instead of the raw Drive URL. The short link asks for a password before redirecting.
How to do it
1. In Drive, click Share on the file or folder, set General access to "Anyone with the link", and copy the share URL.
2. Paste it into zip1.io, open Advanced Options, type a password (8+ characters), and click Shorten.
3. Share the short URL through your normal channel. Share the password through a different channel (in person, separate email, signal/iMessage).
Or via the API:
curl -X POST http://zip1.io/api/create \
-H "Content-Type: application/json" \
-d '{
"url": "https://drive.google.com/file/d/1aBcDeFgH/view?usp=sharing",
"password": "thursday-meeting"
}'What this protects against: casual link forwarding, a teammate pasting the URL into a public Slack channel, the link surfacing in a search engine cache. Anyone who hits the short URL without the password sees a password page; they cannot reach Drive.
What this doesn't protect against: someone who has the password sharing both the short URL and the password. For that, layer on max-clicks: 1 so the link can only be redeemed once.
Method 2 — Use restricted Drive access (no password, but tighter)
If your recipients all have Google accounts, Drive's own permission system is the cleanest answer. Open Share, set General access to "Restricted", add specific email addresses, and set them to Viewer or Commenter.
Now the link only resolves for those exact accounts. There is no password — Google's auth is the gate. The downside is that recipients without a Google account can't open the file at all, and anyone who needs ad-hoc access has to wait for you to add their email.
Pick this when: you have a known list of recipients with Google accounts. Pick Method 1 instead when you're sharing into a Slack channel, an email distribution list, or a public-ish group.
Method 3 — Encrypt the file before uploading
The only method that actually defends against Google reading your file. Encrypt the file locally with a strong password, upload the encrypted archive to Drive, and share the password out-of-band. The Drive link can be fully public; the contents are useless without the archive password.
7-Zip (free, AES-256) is the standard tool. On macOS, Keka is the equivalent. Compress the file or folder, set a password under "Encryption", choose AES-256, and upload the resulting .7z or .zip.
This is the right method for genuinely sensitive files — contracts, financials, anything covered by a confidentiality agreement. It's not the right method for a Figma link or a quick draft, where the friction of "download and run 7-Zip" outweighs the protection.
Combine for defense in depth
The methods stack:
- Restricted Drive access + zip1.io short link — the short link is the public-facing URL (so the real Drive URL never surfaces), and Drive's permission gate is the second layer.
- Encrypted archive + zip1.io short link with
max-clicks: 1— single-use redirect, encrypted contents. This is what consultants and legal teams use to send signed PDFs through email.
What about the Google Forms trick?
You'll see it recommended in older blog posts: build a Google Form that asks for a password and conditionally reveals the Drive link. Don't rely on it. The Drive URL is still publicly accessible — anyone who completed the form once can copy the link and forward it freely. The form is a UX gate, not a security boundary.
How the methods compare
| Method | Free | Works for non-Google users | Protects against Google reading file | Friction |
|---|---|---|---|---|
| 1. zip1.io password short link | Yes | Yes | No | Low |
| 2. Restricted Drive access | Yes | No (Google account required) | No | Medium |
| 3. Encrypt-before-upload | Yes (7-Zip / Keka) | Yes | Yes | Medium-high |
| Google Forms trick | Yes | Partial | No | High (and not actually secure) |
FAQ
-
Will Google ever add native password protection?
It's been requested for over a decade with no commitment from Google. Drive's design prioritizes account-based collaboration over per-file passwords, and their stance hasn't shifted. Plan as if it's not coming.
-
Does the zip1.io short link cost anything?
No. zip1.io is free, has no signup, and no monthly cap on links. The API is rate-limited at 10 link creations per minute per IP.
-
Can I see who opened the link?
You'll see country, browser, OS, referrer, and timestamp on the stats page at
http://zip1.io/stats/<slug>. zip1.io doesn't see the visitor's Google identity — that data lives in Drive's own access log. -
Does this work for shared folders, not just files?
Yes. The short link wraps any URL, including a folder share URL. The password gate is at the redirect, so it applies regardless of what the underlying URL points at.
Related
Wrap a Drive link in a password
Five seconds. No account. Drive stays the same; the public-facing URL is now password-gated.