Apache documentation on .htaccess
Apache documentation on auth.html

to create a new password file:

# htpasswd -c /var/www/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

to append to existing password file:

# htpasswd /var/www/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

To allow access to just specific directories, block access the the root level. .htacess in the document root should look like this:

# Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1

Then create an htaccess file in whatever directories you want to allow access to:

Allow from all