79397743

Date: 2025-01-29 18:12:28
Score: 1

I will try to provide an answer strictly to the original question (instead of judging the question or providing an answer to a question that was not asked).

Yes, it is possible and can be as secure as (if not more than) any TLS/HTTPS connection.

Assuming you influence implementation on both ends:

  1. Send a sha256 or sha384 hash of the password instead of the password
  2. If both ends trust each other, then generate an RSA/EC key pair at the server side and share the public keys with the client(s). If this is not possible, then obtain a server certificate from a public CA (e.g., free from Let's Encrypt) and share it publicly with the client(s). Afterwards, a client can send credentials encrypted with that public key and the server can decode using the private key it holds.
Reasons:
  • Long answer (-0.5):
  • No code block (0.5):
  • Low reputation (1):
Posted by: Shahid
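
The two steps of the answer above, as an added Node.js example that is not part of the original post: the client sends a SHA-256 hash of the password encrypted with the server's RSA public key (OAEP), and the server decrypts and compares. The per-login nonce, the JSON payload layout, the sample account and the function names are assumptions of this example and go beyond what the answer describes; the nonce is there so a captured ciphertext cannot be replayed.

```javascript
// Added example (not from the original answer). Names and payload layout are hypothetical.
const nodeCrypto = require('node:crypto');

// Server side: key pair generated once; only the public key is shared with clients.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest();

// Constructed sample account store: user -> SHA-256 of the password (step 1 of the answer).
// The hash is password-equivalent here, so a real store would keep a salted slow hash of it.
const accounts = new Map([['alice', sha256('correct horse battery staple')]]);
const outstandingNonces = new Set(); // nonces issued but not yet consumed

function serverIssueNonce() {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  outstandingNonces.add(nonce);
  return nonce;
}

// Client side: hash the password, bind it to the nonce, encrypt with the public key (step 2).
function clientBuildLogin(pubKey, user, password, nonce) {
  const payload = JSON.stringify({ user, nonce, hash: sha256(password).toString('hex') });
  return nodeCrypto.publicEncrypt({ key: pubKey, ...OAEP }, Buffer.from(payload));
}

// Server side: decrypt with the private key, consume the nonce, compare in constant time.
function serverVerifyLogin(ciphertext) {
  let msg;
  try {
    const plain = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext);
    msg = JSON.parse(plain.toString('utf8'));
  } catch {
    return false; // padding check failed or payload is not JSON
  }
  if (msg === null || typeof msg !== 'object') return false;
  if (!outstandingNonces.delete(msg.nonce)) return false; // unknown or replayed nonce
  const expected = accounts.get(msg.user);
  const got = Buffer.from(String(msg.hash), 'hex');
  return Boolean(expected) && got.length === expected.length &&
    nodeCrypto.timingSafeEqual(got, expected);
}
```

The client must obtain `publicKey` through a channel it already trusts (pinned in the application or taken from a CA-issued certificate), as the answer states.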