The .htpasswd file

The .htpasswd file contains a list of usernames and passwords.

Important Note: There is no correspondence between usernames and passwords on specific Unix systems (e.g. in an /etc/passwd file) and usernames and passwords in the authentication schemes we're discussing for use in the Web. Web-based authentication uses similar but wholly distinct password files; a user need never have an actual account on a given Unix system in order to be validated for access to files being served from that system and protected with HTTP-based authentication.

(From NCSA's User Authentication Tutorial)

The .htpasswd file can be placed anywhere under the .www-docs/ directory.

To create the .htpasswd file, use the htpasswd command with the following format:
htpasswd [-c] .htpasswd {username}

This command line will prompt you for a password for that user. The password that you type will not be echoed onto the screen, and it will be immediately encrypted.

The output from this command is a .htpasswd file with an entry with the form:
{user}:{encrypted password}

The -c option creates a new passwd file instead of editing an old one. So only use the -c option the first time the htpasswd command is used.

Finally, make sure that read permissions for this file are set for everyone (ie. owner, group, and other).

Now you need to go on to the next step in creating the .htaccess file.