I often have to look up simple things that really I should be able to remember. One of those things is setting up password protection using .htpasswd on apache.
Create a file called .htpasswd using the htpasswd command
htpasswd -c .htpasswd richard
Then enter the password when prompted. If you want to add users to an existing file, you don't need to use the -c flag.
htpasswd .htpasswd another_user
Then to make apache require a username and password, add the following to the .htaccess file in the root of the directory being protected
AuthUserFile /full/path/to/.htpasswd AuthGroupFile /dev/null AuthName "Protected Directory" AuthType Basic require valid-user
That is all there is to it.