Create a file named .htaccess in the directory you want to protect. For example, assuming that the directory is named /var/www/secret:

AuthUserFile "/var/www/secret/.htpasswd"
AuthGroupFile /dev/null
AuthName "My Secret Directory"
AuthType Basic
Require valid-user

Give one or more users access to the directory. For example, to create a user named "admin":

htpasswd -c /var/www/secret/.htpasswd admin

(The "-c" assumes that .htpasswd doesn't exist yet.)

htpasswd will prompt you for the password.

Your directory is now password protected (through the webserver, at least).

Supposedly, you can put these same statements inside a <Directory> container in your httpd.conf file, but I was unable to get that to work.