There have been many occasions where password protecting a directory is the ultimate in web security. This can be used by clients to hide information that they do not want their public to know about or access, it can also be used to secure information for employees of a company.
Instead of writing a tutorial about this, I went to the "Net" and found a great web page resource that will actually create the password file for you...
Here is a quote from that page:
Password protecting a directory can be done several ways. Many people use PHP or ASP to verify users, but if you want to protect a directory of files or images (for example), that often isn't practical. Fortunately, Apache has a built-in method for protecting directories from prying eyes, using the .htaccess file.
In order to protect your chosen directory, you will first need to create an .htaccess file. This is the file that the server will check before allowing access to anything in the same directory. That's right, the .htaccess file belongs in the directory you are protecting, and you can have one in each of as many directories as you like.
The way the password protection works, if there is any page within that directory accessed, the users will be prompted to enter a username and password.
For more information about this: http://www.addedbytes.com/lab/password-protect-a-directory-with-htaccess/