There are thousands of downloadable password applets available - many of them free - but be warned that most of them are ridiculously easy to circumvent. If you want to protect sensitive or confidential web content you must use something a little more robust.
There's a neat little utility called CoffeCup Password wizard
click here but it isn't free. Take a look at it, you can configure it as either a Java or a Flash file, and it works pretty well.
If you really want some bullet-proof protection you'll need to use something with the password entry that will only work if the visitor is coming from a specific url on your site. This means that when the visitor enters a valid login he/she is taken to a redirect page, and the script will only allow them into the site from this location, no matter how hard they try to do otherwise.
All login procedures can be broken if someone is determined enough, and people like me spend a good deal of time devising ways to keep unauthorised visitors out of protected areas. I have successfully used the Windows NT workgroup login procedure to create secure areas on websites in the past, but this method requires a good deal of back-end maintenance to work well. Once set up it does work very well, especially with a few tweaks thrown in - but I'm keeping those to myself.