Why Emailing Protejat cu Parola ZIP Files Is Not Secure (And What to Do Instead)
The practice of sending protejat cu parola ZIP files with the password in a separate email is fundamentally flawed. Learn why this approach fails and discover secure file sharing alternatives.

Why Emailing Protejat cu Parola ZIP Files Is Not Secure (And What to Do Instead)
"Compress the file into a protejat cu parola ZIP, email it, then send the password in a follow-up email." This practice is standard in many organizations — and it's fundamentally broken.
In Japan, this method is so common it has a name: PPAP. The Japanese government officially abandoned it in 2020. Here's why every organization should do the same.
Why This Method Doesn't Work
1. Password Travels the Same Path as the File
You send the ZIP file and the password from the same email account to the same recipient. If the email is intercepted, the attacker gets both. It's like locking your door and taping the key next to it.
2. Security Software Can't Scan Inside
Most email security gateways can't inspect the contents of protejat cu parola ZIP files. Instead of improving security, this practice actually creates a pathway for malware to bypass your defenses.
The Emotet malware campaign specifically exploited this by distributing itself through protejat cu parola ZIPs.
3. ZIP Encryption Is Weak
Standard ZIP encryption (ZipCrypto) has known vulnerabilities. With the right tools, these files can be cracked in minutes.
4. Doesn't Prevent Misdirected Emails
If you send the first email to the wrong person, you'll almost certainly send the second one to the same wrong person. This method provides zero protection against human error.
5. Terrible User Experience
- Recipients must dig through emails to find the password
- ZIP files are difficult to open on mobile devices
- Repetitive password entry is frustrating
Better Alternatives
Option 1: Cloud Storage Sharing Links
Use Google Drive, OneDrive, Dropbox, or similar cloud storage to share files via links.
Pros:
- Granular access permissions
- Download tracking
- Ability to revoke access
- Malware scanning works
- Version control
Cons:
- Not all services allow password-protecting individual links
- IT policies may restrict external sharing
Option 2: Protejat cu Parola Links
Wrap your cloud storage sharing link with protectia cu parola. LOCK.PUB lets you add a password to any URL — including Google Drive links, Dropbox links, or any download URL.
| Comparison | ZIP + Email | LOCK.PUB + Cloud |
|---|---|---|
| Password path | Same (email) | Can be separated |
| Malware scanning | Blocked | Works normally |
| Access logs | None | Available |
| Revoke access | Impossible | Link deletion |
| Misdirected email fix | None | Delete link immediately |
Option 3: Business Chat File Sharing
Share files directly through Slack, Microsoft Teams, or other business messaging platforms. These provide better security than email attachments, though retention policies and setari de securitate need attention.
Option 4: Enterprise File Transfer Solutions
For organizations with strict compliance requirements:
- Box — Fine-grained access control and audit logs
- SharePoint — Microsoft 365 integration
- Citrix ShareFile — Enterprise-grade secure transfer
How to Transition Away From ZIP + Email
Step 1: Assess Current Usage
- Survey how widely this practice is used in your organization
- Identify which external partners expect this method
Step 2: Choose Alternatives
- Select tools that fit your IT environment
- Compare costs and operational overhead
Step 3: Gradual Migration
- Start internally first
- Notify external partners of the change
- Allow a transition period
Step 4: Formalize and Train
- Document new file sharing policies
- Train all employees on the new procedures
The Core Principle: Separate the Password from the File
The fundamental rule is: never send the password through the same channel as the file.
Email the file (or link), send the password prin WhatsApp or a phone call. Better yet, use LOCK.PUB where the password is built into the link itself — the recipient enters it on access, so there's no need to transmit the password at all.
Concluzia
Sending protejat cu parola ZIP files by email provides the illusion of security while actually making things worse by blocking malware detection.
Secure file sharing checklist:
- Switch to cloud storage sharing links
- Add protectia cu parola to shared links
- Implement access logging
- Establish new file sharing policies
- Train echipa ta on secure practices
Cuvinte cheie
S-ar putea să-ți placă și
HIPAA Compliant File Sharing: Send Patient Data Securely
Learn HIPAA requirements for sharing electronic Protected Health Information (ePHI) and how encrypted, protejat cu parola tools can supplement your compliance workflow.
Why You Should Never Share Passwords in Work Chat (And What to Do Instead)
Sharing passwords via Slack, Teams, or any work messenger is a security risk. Learn about message history exposure, ex-employee access, search risks, and secure alternatives.
Why Sharing Passwords on Workplace Chat Apps Is Risky (And What to Do Instead)
Sharing passwords on Slack, Teams, or other workplace messengers creates serious security risks. Learn safer alternatives for credential sharing la locul de munca.
Creează acum linkul tău protejat cu parolă
Creează gratuit linkuri protejate cu parolă, notițe secrete și chaturi criptate.
Începe Gratuit