* https://en.wikipedia.org/wiki/Password-authenticated_key_agr...
* https://blog.cryptographyengineering.com/2018/10/19/lets-tal...
A Password-Authenticated Key Exchange (PAKE) attempts to address this issue by constructing a cryptographic key exchange that does not result in the password, or password-derived data, being transmitted across an unsecured channel.
I'm sure there are other zero-knowledge protocols besides PAKE-like ones, but I'm not an expert here.