need a secure way to share documents

I'm looking for a reasonable+ means of securing a document that needs to be shared online or via e-mail.

The data resides on my home computer, but I am asking about delivering a document to a couple of recipients, what is a decent solution and how secure is it.

- basic option is to add a password to a Word document and e-mail it, I use gmail, recipient uses corporate e-mail.

- 2nd option I am considering is posting the document on a website, then the user can just download it.

So looking for a reasonably secure method of delivering the document electronically.

From a usage standpoint, I prefer to post online and download the document (mostly it would be opened and printed), thinking that this is more efficient and a better end user experience (users goes to the link and downloads it), whereas "storing" everything on e-mail to me is not only a cheesy way of doing this but might actually be considered less secure as now there are multiple copies stored on e-mail and likely the person would download to their machine (and likely ultimately download to multiple machines).

If the document were compromised, it would be very bad. Our competition would very much like to get their hands on this and if they did, it would sink our operation.

The risk of the competition finding where this document is seems to be very, very low, and they actually don't know it exists. But they can reasonably assume that a document of this nature probably exists and so they are determined to find it. Basically there's no reasonable way of them finding it without leaks on our part, so I'm essentially just asking a quick security assessment of the two options I've listed, and possibly what would be a reasonable next higher level of security (I looked at securing a .pdf document and that seemed fairly involved to a security novice, so at the moment I'm just using a password on a MS office document).
Alaska CowboyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Password is a good start... Just make sure you have a decent (strong) password that incorporates upper/lower case, numbers & special characters to prevent "dictionary attack" hacking...

Be concerned over how you transmit the password to your audience.

Make sure your intended recipients are trustworthy & will secure the password effectively as well!

A PDF file is only slightly more secure than the MS Word document, but you can also encapsulate either file type within a zip or rar archive that can be password secured as well... This "double encryption" might be a simple solution to up your sense of security (paranoia)!
Gerwin Jansen, EE MVETopic Advisor Commented:
Encrypting your documents before sending / posting is something I would do. You can use freeware gpg for this, quite secure. Every recipient needs to supply you their encryption keys / certificates, you encrypt your files for all recipients after which you post/send the encrypted document. Recipients decrypt the document with their private keys / certificates.

See: and some screenshots here.
Alaska CowboyAuthor Commented:
n2fc - good suggestion on double lock entry with zip file (haven't used rar archive, but good option as well).

gewinjansen, gpg4win looks really good, probably my next step up beyond the simple password. How would my partners "supply me with their encryption keys / certificates", especially if they are operating in a home (non-corporate) environment ?
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

I agree you can zip the file with a password to help protect it.  but do not put it on a website to be downloaded.  you should use a ftp site that the user has to log into to get to the download. that adds another layer of protection.
Alaska CowboyAuthor Commented:
havard, just need to clarify what you are saying . . . if I have a document that's stored here:, and the user goes to that site and sees an index of documents, is that "on a website" ?

I guess I don't understand what is "an ftp site" that's "not on a website" . . .

but this sounds like another good layer of security, and avoids versions piling up in e-mail
if you put the doc in  anyone can go and download it.  Then it is a matter of using software to crack the password on the file. you should have the file in  that would require a username and password to even see the file.  Are you hosting your own website or is it at a hosting service?  If you are hosting your own there are several free easy to use ftp servers. I use zFTPServer for our stuff.  If you are using a hosting company it is just a matter of going into your cpanel and creating a ftp user and password.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alaska CowboyAuthor Commented:
Havard, ok, makes more sense now. I will investigate the ftp://mywebsite and post another question if needed
Alaska CowboyAuthor Commented:
just what I was looking for, thank you all
Gerwin Jansen, EE MVETopic Advisor Commented:
You're welcome :)
Alaska CowboyAuthor Commented:
sorry, quick follow-up . . .

I like the ftp solution and did a quick set up of a user.

the hosted service on cpanel wanted to put them in public_html/[user_name].

but I created a folder on public_ftp/[directory_name]

so does this mean it's "not on the web" and only available via ftp, so entry credentials are the host ip address, the user name, and then the password ?

I kind of like this solution, as I don't have to fiddle with password protecting the file, I can just dump the files there (although I realize this would be an extra layer of security).
I would have thought it would have gone to public_ftp.  but by having in public_htm you will need to write a .htaccess file to block people which is not what you want.  I would force it to the public_ftp side.  you should be able to call your hosting company and they should be able to walk you through setting up a ftp site and user without any trouble.  A different way to go would also to use Google docs and only give out the login to that to the right people.  I have a restaurant chain that uses Google docs for all there training manuals etc.
Alaska CowboyAuthor Commented:
Havard, I was able to change it to public_ftp, it just defaulted to public_html.

so does this count as "an ftp site" ?

google docs is also a good functional solution but I'm just nervous about the security there.
best thing is to test it.  just type it in the browser and you should not be able to see it.  If you type ftp:// then it should prompt for a password.  see:  vs.

for an example.
Alaska CowboyAuthor Commented:
yes, I think I'm good, thanks !
glad to hear that
best of luck
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.