An .htaccess file is used to override the web server's global configuration for the directory it is in (and any directories below). .htaccess files are commonly used to allow per-directory access control, such as password protecting a directory or file, or URL rewriting.
.htaccess files are only supported on Apache web servers. They are not supported on the Microsoft IIS servers at Winhost. 
To password protect a folder or file, check out this knowledge base article.