you can use php. i have a few administration pages that i only want access to, so there's no need for me to use the .htaccess file. here's a simple example of the code:
if($PHP_AUTH_USER != "username" || $PHP_AUTH_PW != "password")
header("WWW-Authenticate: Basic realm=\"your_realm\"");
header("HTTP/1.0 401 Unauthorized");
print "<B>Unauthorized user; Access Denied</B>\n";
of course, that's real stipped down, and by far not the most secure way of handling it, but it'll work. i use a mysql database with encrypted passwords to verify multiple users using the same code structure. it allows me to update on the fly, and from web based administration pages.
I <3 PHP. :-)