Science has cracked the concept of a better password – your breath
It's almost impossible to fake.

Woman breathing in and out a password. Image by Cybernews.
- Researchers at Singapore University of Technology and Design developed BlowLive, a system that identifies users by how they breathe into their phone with 99.56% accuracy.
- The system combines breath acoustics with facial recognition and uses Doppler shift to detect real breaths versus recordings, achieving near-perfect liveness detection.
- Unlike fingerprints or face scans, breath biometrics can be reset if compromised by generating a new cryptographic key from each breath pattern.
- The technology addresses growing deepfake threats but may struggle with adoption if users find blowing into their phone every unlock inconvenient.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Passwords and passphrases pale in comparison to the unique identifier that is the way we breathe.
Passwords can be guessed, phished, or leaked in their millions. Just last month, 124 million more passwords were added to HaveIBeenPwned, an indication of how regularly these things leak.
Biometrics have been proposed as one answer, but fingerprints and faces, once copied, are compromised forever. You can’t, after all, reset the ridges on your thumb.
But science reckons it might have cracked the problem. The unique way a person blows air across a smartphone microphone may be almost impossible to spoof, and one team of researchers claims it can identify the right user 99.56% of the time.
That’s the headline finding from BlowLive, a biometric system developed by Eyasu Getahun Chekole, Howard Halim, Daniël Reijsbergen, and Jianying Zhou at the Singapore University of Technology and Design. The system asks users to exhale into their phone, then treats the resulting acoustic signature as proof of who they are.
Gone in a whisper
Physiological traits like faces and fingerprints are convenient for unlocking phones and accessing bank accounts, but they leak. Voice and lip-motion systems, meanwhile, struggle and can now be deepfaked thanks to AI advances.
BlowLive tries to sidestep those problems by combining two signals rather than relying on one. It pairs the blow-acoustic pattern, a behavioral trait, with facial recognition, a physiological one. Put the two together, and it can be up to 100% accurate.
That’s because the behavioral half of the identity check does the heavy lifting on a problem that has long dogged the field: liveness.
Biometric systems need to know whether they’re dealing with a living person or a recording. As the UK is discovering with workarounds for its age verification checks, a photograph or video game video can defeat a lazy face scanner. To guard against those issues, BlowLive uses the Doppler shift – the same change in frequency that makes an ambulance siren drop in pitch as it passes – to detect the movement of air from a real breath.
That mechanism, the team says, is 99.42% accurate at telling a genuine blow from a fake.
Take my breath away
What makes the concept even more foolproof is that no two breaths are identical.
While intra-user variability normally erodes accuracy in recording whether someone has breathed, BlowLive works around that by deploying a "fuzzy extractor" – a cryptographic technique that distills a stable, secret key from inherently noisy input.
The biometric can therefore be revoked if the key is compromised because it’s simple to create a new one, in contrast to how fingerprints and face scans operate.
While the study was tested on only 50 participants, the authors suggest it could scale to population levels and provide a unique blueprint that enables platforms, apps, and services to distinguish one user from another with near-absolute accuracy.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
That’s needed because of the rise of technology that can fool such systems and play into the hands of hackers. As deepfakes grow more convincing and stolen credentials become more abundant, the industry is hunting for signals that are hard to counterfeit and easy to reset.
As the authors put it, a breath is free, requires no special hardware beyond a camera and microphone, and disappears the moment it is made, so you don’t risk having your secret keys and passwords discovered on a piece of paper if you lose it.
What could stymie the adoption of the technology is a simpler one – ease of use. Whether anyone will want to huff at their handset every time they unlock it is another matter entirely.