HTTPS encrypts the password in transit, but the remote server (verifier) still gets the plaintext of the password. You need a PAKE to use a password without transmitting it to the verifier.