I know that the best way for password protecting a page is a server side script,
but I am curious about this:

Couldn't you make your company intranet the simple way: just make it part of your website.

It would have 2 levels of "security". First, you would have to know the exact URL to get to it.
(There would be no link to it). example: www.mycompany.com/intra/enter.html

The 2nd level would be this script:

<script language="JavaScript">
<!--

var password = prompt("Enter Password for Access","")

if (password !="yourPW")

{ top.location="about:Invalid Password" }
//-->
</script>

Everyone in the company would have to be told the URL and the password.
Wouldn't that keep our intranet private? If I used "no-index" in the meta tag for enter.html,
and since you can't see the source code unless you type the correct password, it seems this intranet is private.

I am a newbie, so there may be something obvious I am failing to see.