Alternatives for password where at least one secret is not known by the server, with similar transparency

Çağlar Arlı

Some services like Bitwarden use the password to encrypt part of your personal data, so that nobody except you can access it, and they achieve this because the server only gets your password's hash from your login prompt: the server never knows your password and therefore can actually encrypt your data with your password.

But if we were to actually phase out passwords, because of some mostly unfounded thoughts of them being evil, what mechanism would we use such that we can have authentication without a password that allows encrypting part of our user data in a way that the server cannot infer the secret, as is done by hash functions, such that the login secret can be stored in a password manager or written down on paper and entered in a webpage without the browser implementing any authentication extensions or standards?
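
The split the question describes (the server sees only a hash, the encryption key stays on the client) can be sketched as follows. This is an added example, not part of the original post and not Bitwarden's code; the function names, iteration counts and the `b"enc"` label are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 600_000  # assumed client-side work factor
SERVER_ITERATIONS = 100_000  # assumed server-side work factor


def derive_client_keys(password: str, email: str):
    """Client side: return (auth_hash, enc_key) derived from the login secret."""
    salt = email.strip().lower().encode()
    master_key = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, CLIENT_ITERATIONS
    )
    # Sent to the server at login: one more one-way step over the master key.
    auth_hash = hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1)
    # Never leaves the client: a separate output keyed by the master key, so
    # knowing auth_hash does not reveal it without guessing the password.
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    return auth_hash, enc_key


def server_register(auth_hash: bytes) -> dict:
    """Server side: store only a salted, stretched hash of the received value."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS)
    return {"salt": salt, "verifier": verifier}


def server_login(record: dict, auth_hash: bytes) -> bool:
    """Server side: constant-time comparison against the stored verifier."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", auth_hash, record["salt"], SERVER_ITERATIONS
    )
    return hmac.compare_digest(candidate, record["verifier"])


if __name__ == "__main__":
    # Constructed sample credentials.
    auth_hash, enc_key = derive_client_keys("correct horse battery staple",
                                            "user@example.com")
    record = server_register(auth_hash)
    print("login ok:", server_login(record, auth_hash))
    print("enc_key stays local:", enc_key.hex()[:16], "...")
```

The server can still test password guesses offline against the value it receives, so the protection rests on the entropy of the secret and the client-side work factor.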