An .htaccess file is a set of instructions to your web server. If you tell it to require authentication before displaying pages, this will apply to everyone, search engines included (and only you have the password).
Make sure that your password file is not in a publicly-accessible directory. You can use this directive to completely block access to files starting with ".ht", although if your entire website is password-protected, this shouldn't be an issue.
<FilesMatch "^\.ht(.*)$">
Deny from all
</FilesMatch>
Note that if your connection is not SSL-encrypted, this setup will not be entirely secure. Anyone between you and the web server can intercept your connection and sniff your password - for example, if you are using public wi-fi at a coffee shop. However, consider how much security you need, because SSL can be complicated and expensive to set up. For practical purposes, an .htaccess file should be sufficient to keep unwanted visitors away from your website.
P.S. Use HTTP Digest authentication instead of Basic - it's a little more secure.
1
Can't help you if you don't mention what exactly you are doing with .htaccess, or post it. You can put a lot of directives in there, and you haven't even told us which version of Apache (or other) you are using. Can you fill in those details? Please see the FAQ here: http://superuser.com/faq Also, you will likely get a better response over at http://www.serverfault.com.
– Brad – 2011-05-30T15:12:15.070support to move to serverfault.com – bubu – 2011-05-30T15:14:02.920