In the dreamhost panel visit: Goodies > Htaccess/WebDAV
Most of what you need to do there is self-explanatory, one note tho: you don’t want to check “Enable WebDAV on this dir?”, that is for something else and checking it will break your site.
.htaccess password protection of a is very simple. It should not be considered “security” in any sense. Passwords are sent in clear text. It’s best purpose today is for exactly what you want to use it for, keeping search bots and people out of a site, or portion of a site, that is under construction.