Both RAR and ZIP formats support encryption. To encrypt files you need to specify a password before archiving or directly in the Archive name and parameters dialog. In the command line this is done by using switch -p[pwd]. In WinRAR shell, to enter a password you may either press Ctrl+P or select the "Set default password" command in File menu or click on the small icon of a key in the bottom left corner of the WinRAR window. To enter a password in Archive name and parameters dialog press "Set password" button in "Advanced" set of options.
Unlike ZIP, RAR format allows to encrypt not only file data, but also other sensitive archive areas: file names, sizes, attributes, comments and other blocks. If you wish to do it, you need to set "Encrypt file names" option in the password dialog or in the command line mode use the switch -hp[pwd] instead of -p[pwd]. Without a password it is impossible to view even the list of files in archive encrypted in such mode.
Solid RAR archives and archives with encrypted file names can have only one same password for all archived files. Files in non-solid RAR archives without name encryption and in ZIP archives can use different passwords.
Do not forget to remove an entered password, when it is no longer needed, otherwise you may occasionally archive some files using the password without wishing to. To remove a password, enter an empty string instead of a password or close WinRAR and start it again. While a password exists, the icon of key is red, otherwise it will be yellow. Also, when you start an archive operation using a password, title bar of Archive name and parameters dialog flashes twice.
You do not need to remove a password if you entered it directly in Archive name and parameters dialog. Unlike other ways such password is valid only for the single archiving operation and automatically removed after its completion.
When extracting encrypted files, it is not necessary to enter the password before starting the operation, though you may do so. If a password was not entered before extraction and WinRAR encounters an encrypted file, the password will be requested from the user.
ZIP 2.0 format supported by WinRAR uses a proprietary encryption algorithm. RAR archives are encrypted by the much stronger AES-128 standard. If you need to encrypt sensitive information, it is better to select the RAR archive format. For real security use passwords of at least 8 characters in length. Do not use words of any language as passwords, it is better to choose a random combination of characters and digits. Note that passwords are case sensitive. Maximum password length for RAR archives is 127 characters. Longer passwords are truncated to this length.
Remember that if you lose your password, you will be unable to retrieve the encrypted files, not even the WinRAR author is able to extract encrypted files.