Eastern Michigan University EMU HOME
About people.emich.edu
Tips & Resources
Print this page

Setting Passwords

Usernames and encrypted passwords are stored in a text file called .htpasswd (dot-HT-pass-WD). The password file needs to be at the top level of your personal web space, not in the directory you want to protect.

  • Note: It is possible to protect different directories with separate sets of usernames and passwords by utilizing multiple .htpasswd and .htaccess files, or by using groups. These methods are, however, outside the scope of this document.


Let's take a look at an example .htpasswd file.

  • jenn:ifrfkqItpFGkA

Each line is a username/password pair, where the clear-text username and the encrypted password are separated by a colon. In this example we have two users, jenn and john, and their passwors are jenn and john, respectively.

  • Note: Each encrypted password is actually a mere mathematical checksum of the original password. The .htpasswd file does not contain the original passwords.


To test password protection, you can follow these steps, assuming you have already dropped a .htaccess file into a directory. If not, please complete the previous step first.

  1. Copy the two lines from the example above.
  2. Paste them into a simple text editor, such as Notepad.
  3. Save the file as htpasswd.txt on your desktop.
  4. Upload the file to the top level of your personal web space.
  5. Rename the file .htpasswd (dot-HT-pass-WD) on the server.

Now, try accessing the directory that contains the .htaccess file, and the server should prompt you to enter a username and password. Only the username/password pairs jenn/jenn and john/john, should let you in, and no others.

  • Note: Once your username and password have been accepted, the only way to "logout" is to close the browser.

Managing Usernames & Passwords

Managing usernames and passwords requires editing the .htpasswd file. Fortunately, most SFTP clients allow you to edit text files directly on the server.

  • To add a username/password pair to the list, you can use the Password Generator to generate a line you can copy and paste directly to the .htpasswd file.
  • To change a password, you can generate a new username/password pair using the Password Generator, and replace the old line with the new.
  • To remove a user from the access list, simply remove the corresponding line from the .htpasswd file.

Next: Password Generator

EMU Home | Contact EMU | Site Map | Directories | Calendars | My.emich | Search