Protecting a dev site

Most development sites have a way of protecting access to them behind some kind of login system (even if the site doesn’t have a user system per se)

Is their a best practice way of doing this for pimcore? I know on some site you can set the site to maintenance mode and it will allow a registered admin user to login and see pages.

.htaccess is the easiest solution…