First, create a file with passwords e.g. by: htpasswd -bc $pwd-file $user $pwd (-b adds a password to a file, -c creates a new file)

Create .htaccess file in a directory you want to protect and put there:

AuthType Basic
AuthName something
AuthUserFile $pwd-file
Require valid-user

If you refer to $pwd-file via relative path, it's relative to /etc/httpd on Linux and c:\program files\apache group\apache on Windows.