Mutual Auth
If we're going to standardise anything, it should be a mutual password authentication mechanism - that is, the client and server must both prove they know the underlying password, without revealing it. There's a mechanism like that in section 4.3 of the TCPCrypt paper:
http://www.tcpcrypt.org/tcpcrypt.pdf
The risk with mutual auth is always that the server leaks something that can be used to brute force the password. Not sure how that mechanism stacks up, but would certainly be safe for strong passwords as the hash functions could easily be specified as a proper password hash like Argon2.