The first thing you should do is make sure AllowOverrides is enabled for your web site/directory. You don't necessarily need this if you want to make the changes directly in your global Apache configuration, but this setting will allow you to drop the directives in an .htaccess file instead of the server-wide httpd.conf.

You should see something like this in your httpd.conf:

<Directory /full/path/to/my/website/doc/root>
    Options +FollowSymLinks -Indexes
    AllowOverride All
    Order Allow,Deny
    Allow from all
</Directory>

The main one to note is the AllowOverrides All line. That tells Apache that if it finds an .htaccess file in your web directory, it should honor all the directives therein.

Now, change to the directory you want to protect, and create a file called .htpasswd which will contain the usernames/passwords of your authorized users.

# cd /full/path/to/my/website/doc/root
# htpasswd -c .htpasswd <username>

That will create a new file .htpasswd and add the user <username> to it, after prompting you for a password. If you need to add more users, just repeat this command:

# htpasswd .htpasswd <username>

Now we create the actual .htaccess file. It should look something like this:

AuthUserFile /full/path/to/my/website/doc/root/.htpasswd
AuthType Basic
AuthName "My Secret Area"
Require valid-user

That's it. Now when you try to surf to your protected website directory, you'll be prompted for a username and password.