When specifying the location to an htpasswd file, the path must be relative to the webserver's ServerRoot. Shared hosting often doesn't provide access to the ServerRoot nor do they tell their account holders what it is. Well, chances are it's
/usr/local/apache/. Now that we know that, using an htpasswd file is easy.
Say your cPanel Home Directory is /home/123456/. You would put the .htpasswd file in /home/123456, safely outside of your DocumentRoot, and the .htaccess file would look something like this:
AuthType digest AuthName "Secure Area" AuthDigestProvider file AuthUserFile ../../../home/123456/.htaccess Require valid-user