Password-protected file sharing
Add a password to any share and even a leaked link stays locked. SealFile derives the key from your password with Argon2id — so the password, not us, controls access.
How password protection works
When you choose a password mode, SealFile doesn't send your password anywhere. Instead, your browser runs it through Argon2id — a slow, memory-hard function designed to make guessing expensive — to derive a wrapping key. That key encrypts the file's actual encryption key using AES-KW.
The server stores only the wrapped key and the Argon2 salt. To open the share, your recipient re-enters the password, re-derives the same key in their browser, and unwraps it locally. The password never touches our servers.
Pick the protection that fits
Password protection pairs with SealFile's zero-knowledge encryption — it adds a layer, it doesn't replace it. For the strongest setup, use link + password and deliver each part over a different channel.
Argon2id key derivation
Passwords are stretched with Argon2id (64 MB memory, 3 iterations) to resist brute-force and GPU attacks.
Three sharing modes
Link-only, password-protected, or link + password — choose how much friction and security you want.
A real second factor
Split the secret so a leaked link still can't open your files without the password.
Built-in strength meter
A password generator and live strength meter help you pick something hard to guess.
Frequently asked questions
How does password protection work?
Your password is run through Argon2id, a slow, memory-hard key-derivation function, to produce a wrapping key. That key encrypts (wraps) the file's encryption key. Without the password, the wrapped key can't be opened — and the password is never sent to us.
What's the difference between the three modes?
Link-only puts the key in the link fragment. Password mode protects the key with your password instead. Link + password splits the secret across both — the recipient needs the link and the password, giving you the strongest protection.
What if someone intercepts the link?
In password or link + password mode, the link alone is useless. An attacker would also need the password, which you can share over a separate channel (say, the link by email and the password by text).
Can SealFile reset or recover a password?
No. We never receive your password and can't derive the key without it. If the password is lost, the files cannot be decrypted by anyone, including us.
Lock your next share with a password
Free on every tier — no account, no setup, just a stronger share.