Skip to content
scrolly.net

Guide

How to password-protect an HTML file

You have a finished HTML document (a report, a deck, a one-pager) and you want only the right people to open it. Here is how to put a password on it in a couple of minutes, without editing the file or hosting anything yourself.

Why password-protect a shared HTML file

Emailing an HTML file as an attachment means anyone who receives or forwards it can open it forever, and you never find out who did. Putting the file behind a password-protected link keeps casual access out, lets you turn access off later, and (with scrolly.net) tells you who actually opened it.

A scrolly.net password lives on the link, not inside the file. That means you never have to re-export or re-encrypt the document, and you can change or remove the password at any time without resending anything.

Set a password in four steps

  1. Sign in and upload your .html file. The file uploads straight to secure storage; it is never executed on the scrolly.net app.
  2. Create a link for the document and choose the Password access mode.
  3. Type the password recipients will need. scrolly.net stores only a salted hash of it, never the password itself, so even we cannot read it back.
  4. Copy the short link and share it. Send the password through a separate channel (a chat message or a call), not in the same email as the link.

When someone opens the link they are prompted for the password. The check happens at the edge before any of the document is served, so a wrong password never loads a single byte of your file.

Change the password or revoke access

  • Rotate the password: edit the link and set a new one. The old password stops working immediately.
  • Add an expiry date so the link stops opening on its own after a deadline.
  • Revoke the link with one toggle. Further opens are blocked instantly, even for people who already had the password.
  • Create a separate link per recipient when you want to revoke one person without affecting the rest.

When a password is not enough

A password is shared, so anyone who has it can pass it on. For documents where you need to know exactly who is on the other side, use an email gate (the viewer verifies their email before opening) or an allowlist (only the specific email addresses you list can open it). Both record the verified viewer alongside the engagement analytics, so you see real names, not just a view count.

Protect a document free

FAQ

Frequently asked questions

Does the password get stored anywhere I should worry about?
Only a salted, one-way hash of the password is stored, never the password itself. scrolly.net cannot show you the original password, and a leak of the stored value cannot be reversed into it.
Can I password-protect a file without editing it?
Yes. The password is a setting on the share link, not part of the file. You upload your HTML once and add, change, or remove the password on the link at any time without touching the document.
What happens when someone enters the wrong password?
They see a prompt to try again, and the document is not served. The password is checked at the edge before any bytes of your file are sent, so a failed attempt never loads the content.
Is a password the most secure option?
A password keeps casual access out, but anyone who has it can share it. For documents where you need to know exactly who opened them, use the email-gate or allowlist access mode instead, which verify each viewer.