How Do You Lock a Word Document, and Is It Secure?

Locking a Word document sounds simple - but when sensitive information is on the line, is it really secure enough?

Password-protecting a document can help stop unwanted access - but it is not a perfect shield.

Below we walk through the steps for locking files on different devices, what happens behind the scenes, and safer alternatives for sharing private information.

How To Lock a Word Document

Locking a Word Document on Windows

To lock a Word document on a Windows PC, you can encrypt it with a password. This means no one can open the file unless they know the code.

1. Open the document in Microsoft Word.
2. Select File → Info → Protect Document → Encrypt with Password.
3. Enter and confirm a strong password.
4. Save the file to apply encryption.

Once saved, Word will prompt for the password whenever someone tries to open it.

Be careful though - if you forget the password, Microsoft can’t recover it.

Locking a Word Document on macOS

On a Mac, password protection is found under the Review tab.

1. Open your document in Word for Mac.
2. Go to Review → Protect → Protect Document.
3. Under Security, set a password to open (encrypt) or modify the file.
4. Confirm and save.

Setting a password to open encrypts the document.

Setting a password to modify only limits editing - it doesn’t hide the content (see Microsoft’s note on read-only limitations).

What About iPhone or Android?

On mobile, Microsoft Word lets you open password-protected files but not create them (Word for web has similar limits; see differences).

You’ll need to lock the file on a desktop version first.

Once locked, you can still open and edit the document on your phone using the password.

How Secure Is a Locked Word Document?

Understanding What Happens When You “Lock” a File

When you set a password to open a Word file, the document is encrypted using Advanced Encryption Standard (AES-256) - only someone with the password can decrypt and read it.

However, not every “lock” feature in Word is the same. “Read-only” mode or “Restrict Editing” don’t use encryption.

They simply discourage changes - and can be bypassed easily. To protect the contents, use the password-to-open (encryption) option.

The Limitations of Password Protection

Encryption itself is strong, but the weak point is usually people, not the software:

• Weak passwords can be guessed or cracked.
• Password sharing by unsecured email defeats the purpose of encryption (see ICO encryption and data transfer).
• Once opened, the recipient can copy, print, or forward the file freely.
• Older .doc files use outdated protection and can be broken easily.
• Some email filters block encrypted attachments entirely.

That’s why locked Word files are better seen as moderately private, not highly secure.

"AES-256 encryption in Word is sound. The weak point is usually what happens after someone opens the file - copies, forwards, and no record of who accessed what."

Mike Wakefield, CTO, Beyond Encryption (Mailock)

For regulated or customer-facing work, channel-level controls often matter more than file-level passwords alone.

Safer Ways To Share Sensitive Documents

Use Encrypted Email Instead

Rather than locking individual documents, many professionals secure the whole conversation using encrypted email.

Mailock is a secure email platform that encrypts messages and attachments end-to-end.

Recipients verify their identity before opening, keeping private data safe even if sent to the wrong address.

• No separate passwords: Authentication replaces manual code-sharing.
• End-to-end encryption: The entire email and its attachments stay protected from sender to inbox.
• Message tracking and revoke: Track when a message is opened or revoke it if sent in error.
• Branding and compliance: Maintain trust and meet GDPR requirements with a professional, branded recipient experience.

"Locking a file protects information in transit, but once it’s open, you lose control. Secure email extends that protection from send to read."

Paul Holland, Founder and CEO, Beyond Encryption (Mailock)

Portals & Document-Sharing Platforms: When They Make Sense

For less time-sensitive exchanges (e.g., statements, policy packs, large files), secure portals or document-sharing platforms can work well.

They centralise access, apply controls (permissions, expiry), and provide an audit trail.

• Good for: Scheduled drops, large files, ongoing reference material.
• Trade-off: Requires customers to register and remember yet another login. Adoption can be lower and support queries higher.

The Future of Secure Document Sharing

Security That Fits Into Everyday Work (No Friction)

Security is moving from “add-on steps” to policy-driven automation.

For example, in Microsoft 365, admins can use mail-flow rules to automatically encrypt emails when certain conditions are detected.

In Google Workspace, admins can enforce client-side encryption or apply DLP rules to warn, block, or require controls when sensitive data appears. Protection is applied by design, not left to memory.

So, Should You Lock a Word Document?

• Yes, for: One-off sharing with a trusted contact, where you can share the password via a separate channel.
• No, for: Sensitive, regulated, or customer-facing communications at scale. Use secure email (e.g., Mailock) or a secure portal, depending on urgency and use-case.

FAQs

Does Word Encryption Meet GDPR Requirements?

Encrypted Word files protect personal data from unauthorised access. However, without identity verification or an audit trail, they may not satisfy accountability needs common in regulated sectors (see ICO scenarios).

Can Someone Remove a Word Password?

Older .doc protection is weak. Modern .docx encryption is difficult to break with a strong password, but weak or reused passwords undermine it. Once opened, content can still be copied and forwarded.

What’s the Simplest Way to Share Confidential Documents with Clients?

Send them through encrypted email. Solutions like Mailock protect the message and attachments, authenticate recipients, and let you revoke access if needed.

References

Protect a Document With a Password, Microsoft, 2025.

Make a Document Read-Only in Word, Microsoft, 2024.

Differences Between Word for Web and Desktop, Microsoft, 2024.

Encryption Scenarios, ICO, 2024.

Encryption and Data Transfer, ICO, 2024.

Create Mail-Flow Rules To Auto-Encrypt Email, Microsoft, 2025.

Client-Side Encryption, Google Workspace, 2025.

Gmail DLP Rules, Google Workspace, 2025.

How To Send a Secure Email, Beyond Encryption, 2025.

Reviewed by

Sam Kendall, 31.05.26

This content is for general information only and is not legal advice.