
To really nitpick, the server does have the password during authentication. The alternate would be a PAKE, which is currently quite rare. (But probably should become the standard.)


I was going more for shouldn’t. You’re right, but for zero-knowledge things like password managers where they specifically do not want your password.


I am aware of PAKEs, and I decided not to waste my time mentioning them because as usual the situation is:

Using a PAKE correctly would be safe, but that sounds like work.

Just saying "Use a good password" is no work and you can pretend it's just as safe.

Real world systems using a PAKE are very rare. The most notable is WPA3 (and there are numerous scenarios where it's for nothing until WPA2 is long obsolete). Lots of systems which would use a PAKE if designed by a cryptographer were instead designed by engineers or managers for whom "Ooh, a hash with salt" sounds like a sophisticated modern technical solution rather than a long obsolete one.
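
The contrast drawn in the comments above, as an added example that is not part of the thread: a simplified SRP-6a style PAKE login in Python, where the server stores only a verifier and receives `A` and a proof, never the password. The group parameters, hashing layout and function names are assumptions chosen for the demo and are not interoperable with RFC 5054.

```python
import hashlib, hmac, os, secrets

# Demo-only group (assumption): 2**521 - 1 is prime but not a safe prime.
# A real deployment uses a vetted group such as those in RFC 5054.
N, g = 2**521 - 1, 3

def H(*ints):
    """Hash fixed-width big-endian integers to an integer."""
    data = b"".join(i.to_bytes(66, "big") for i in ints)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def derive_x(salt, user, password):
    """Password-derived private exponent, stretched with PBKDF2."""
    dk = hashlib.pbkdf2_hmac("sha256", password, salt + user, 100_000)
    return int.from_bytes(dk, "big")

def register(user, password):
    """Client side of signup: the server stores only (salt, verifier)."""
    salt = os.urandom(16)
    return salt, pow(g, derive_x(salt, user, password), N)

def srp_login(user, password, salt, v):
    """Run both sides of one login; returns (ok, values the server received)."""
    a = secrets.randbelow(N - 2) + 1              # client secret
    A = pow(g, a, N)                              # client -> server: user, A
    b = secrets.randbelow(N - 2) + 1              # server secret
    B = (k * v + pow(g, b, N)) % N                # server -> client: salt, B
    u = H(A, B)
    if A % N == 0 or B % N == 0 or u == 0:        # each side rejects degenerate values
        return False, [user, A]
    # Client: derive the shared secret from the password.
    x = derive_x(salt, user, password)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    proof = H(A, B, S_client)                     # client -> server: proof
    # Server: derive the same secret from the stored verifier only.
    S_server = pow(A * pow(v, u, N) % N, b, N)
    expected = H(A, B, S_server)
    ok = hmac.compare_digest(proof.to_bytes(32, "big"), expected.to_bytes(32, "big"))
    return ok, [user, A, proof]
```
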



