.htaccess is a familiar way of adding password protection to a web server at directory level. It can be useful in the development process, for example, when you need to restrict access.
A similar site-wide password requirement can be added to a Divio Cloud site, using environment variables. Set them as follows:
Those values can be set independently for test/live servers in the Environment Variables settings for each project.
How this works
These variables are handled in the Aldryn SSO module.
You can see exactly what it does with them - and others - in https://github.com/aldryn/aldryn-sso/blob/master/aldryn_config.py