Frank DENIS random thoughts.

A zero-knowledge password authentication method

The J-PAKE method (just implemented in OpenSSH and OpenSSL) allows password-based authentication without exposing the password to the server.

Instead, the client and server exchange cryptographic proofs to demonstrate knowledge of the password while revealing nothing useful to an attacker or compromised endpoint.
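
The exchange described above, as an added sketch that is not taken from the OpenSSH/OpenSSL code or the linked paper: both parties are simulated in one process, running the two J-PAKE rounds with Schnorr proofs of knowledge. The group parameters are a toy group constructed for readability, and all function names (`challenge`, `pw_to_s`, `prove`, `verify`, `jpake`) are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for readability (assumption): p = 2q + 1 with
# p, q prime; g = 4 has order q. Real deployments need a >= 2048-bit p.
P, Q, G = 2039, 1019, 4

def challenge(*parts):
    """Hash protocol values to a Schnorr challenge in Z_q."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def pw_to_s(password):
    """Map a password to the shared exponent s in [1, q-1]."""
    return 1 + challenge("pw", password) % (Q - 1)

def prove(base, x, who):
    """Return X = base^x and a Schnorr proof of knowledge of x, bound to `who`."""
    X, v = pow(base, x, P), secrets.randbelow(Q)
    V = pow(base, v, P)
    return X, (V, (v - x * challenge(base, V, X, who)) % Q)

def verify(base, X, proof, who):
    """Accept only a valid proof for a non-trivial element of the order-q subgroup."""
    V, r = proof
    in_group = 1 < X < P and pow(X, Q, P) == 1
    return in_group and V == pow(base, r, P) * pow(X, challenge(base, V, X, who), P) % P

def jpake(s_a, s_b, xs=None):
    """Simulate Alice (secret s_a) and Bob (s_b); return (alice_key, bob_key)."""
    x1, x2, x3, x4 = xs or [1 + secrets.randbelow(Q - 1) for _ in range(4)]
    # Round 1: each side sends two ephemeral public values, each with a proof.
    (X1, p1), (X2, p2) = prove(G, x1, "A"), prove(G, x2, "A")
    (X3, p3), (X4, p4) = prove(G, x3, "B"), prove(G, x4, "B")
    if not all(verify(G, X, p, w) for X, p, w in
               [(X1, p1, "A"), (X2, p2, "A"), (X3, p3, "B"), (X4, p4, "B")]):
        raise ValueError("round 1 proof rejected")
    # Round 2: the password appears only as an exponent over a combined base.
    GA, GB = X1 * X3 * X4 % P, X1 * X2 * X3 % P
    if GA == 1 or GB == 1:
        raise ValueError("degenerate round 2 base; restart the exchange")
    (A, pa), (B, pb) = prove(GA, x2 * s_a % Q, "A"), prove(GB, x4 * s_b % Q, "B")
    if not (verify(GA, A, pa, "A") and verify(GB, B, pb, "B")):
        raise ValueError("round 2 proof rejected")
    # Each side removes the other's masking term, then applies its own exponent.
    ka = pow(B * pow(X4, -x2 * s_a % Q, P) % P, x2, P)
    kb = pow(A * pow(X2, -x4 * s_b % Q, P) % P, x4, P)
    return tuple(hashlib.sha256(str(k).encode()).hexdigest() for k in (ka, kb))
```

A wrong password does not make any proof fail; it shows up as the two sides deriving different keys, which is why a key-confirmation step follows the exchange in practice.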

Direct link to the document: Password Authenticated Key Exchange by Juggling, and to the announcement (with links to source code in C and Java).