You can't create it manually it has to be created by the process from the security settings menu in the admin panel as the password is encrypted.
Check that the Security directory has write permissions, not Read-only and try to create your user/pass again for the directories you are trying to protect.
The process creates a .htaccess file in the directory you are protecting and points it to the other file xampp.users that contains the user/pass info. It also creates a plain text file xamppdirpasswd.txt that contains your user/pass info in the same security directory. (Also in the security directory there should be a text file mysqlrootpasswd.txt if you created a user/pass for mySQL).
Example - If you are trying to protect the htdocs directory there should be a .htaccess file in there with a reference to the location of the xampp.users file. You can check to see if the .htaccess file is created and what it contains. You can open both those files in your favourite text editor to read them.
If all else fails, backup any files you have added or changed then totally remove XAMPP and all traces of it. Then re-install it clean. Then try again.
Not much help really but seems to be a permissions issue or a corrupt install.