You can find a lot of .htaccess security tips via Google.
The tutorials from AskApache.com and PerishablePress.com are very good. Some may apply specifically to WordPress, but there should be non-WordPress tips as well.
Passwords are just one part of securing your website. There are lots of other things you can do, including keeping your scripts up to date and monitoring them for vulnerabilities. Additionally, some file/folder permissions can predispose your site to attacks.
Here are some of the security-related rules I use in my .htaccess files. I have gotten all of them from sources such as AskApache and PerishablePress, among others. Some are also WordPress-specific.
code:
# Disallow directory browsing Options All -Indexes
# Deny access to .htaccess <Files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all </Files>
# Deny access to php.ini <Files php.ini> deny from all </Files>
Users of WordPress can also look into installing the WordPress Firewall Plugin.
These are just a few other random things you can do...
Hackers use search engines too. Prevent search engines from indexing certain parts of your website using the robots.txt file. Note that you can also use this technique for influencing how your site is indexed for SEO purposes.
code:
Disallow: /directoryname
WordPress users should hide version number reporting in their theme's header. While it does not prevent an infiltration directly, potential attackers are less likely to target your website if they are unaware of which exploits to take advantage of based on popular script versions. In your theme's functions.php file, add...