Support

Joomla's fonts are rendered by means of an icon font which is stored in /media/jui/fonts relative to your site's root. The System - Admin Tools plugin cannot possibly limit access to the (static) content of that folder.

Moreover, the administrator password protection simply creates a .htaccess and .htpasswd file in the administrator directory. They do not have any effect in the media folder which is one level up.

It looks like something is screwed up in that site's hosting configuration. I am not entirely sure what. I cannot think of an Apache configuration failure mode which would end up preventing serving the icon fonts from the media folder when an unrelated folder is password protected.

Also, like you, I am (mostly) using Chrome to administer all of my live, test and development sites and on all of them I have activated the administrator password protection on principle of using multi-factor authentication on all web properties under my control. I could only reproduce the issue on one, many months ago, when I was using the .htaccess Maker and had inadvertently removed media/jui/fonts from "Frontend directories where file type exceptions are allowed". However, that failure was there permanently, without having anything to do with the administrator password protection.

This makes me think: when you remove the administrator password protection, do you also remove the (unrelated to this feature) .htaccess from the site's root?

Then it must be something with your hosting setup. The only thing the password protection does is create a small .htaccess file in the administrator folder. It doesn't touch anything else. You can see for yourself how simple that file is. I can't think of any reason why that file would block a completely unrelated static file from being loaded. I also cannot reproduce it.

Is there something special about this particular site? Is it on a different host? A different server? In a subdirectory of another site (not as a URL, I mean as a filesystem directory)?

If there is a .htaccess in the root directory (above /home) it is possible that its contents somehow get in the way. That would depend on the redirection rules and error documents you have there. For example, a custom HTTP 400 error page which doesn't exist could cause this issue. Then again, you could also be setting up the same nonexistent error page through the host's control panel. But, anyway, this ends up being a hosting issue.

Here's an idea. The administrator directory password is not really a feature that requires Admin Tools. We are just trying to apply a hosting-level password protection of the /administrator directory of your site. Ask your host how you can password protect a directory and apply their instructions to password protect /administrator. If their method results in the same problem with Joomla's icon fonts report that issue to them and ask them to fix it. Since they have access to the server files and they are the ones who have set up the server they will know which part of the server setup is likely to be blocking the icon font files and fix it or work around it.