Multi-factor user authentication becomes increasingly popular due to its superior security comparing with single-factor user authentication. However, existing multi-factor user authentication methods usually require multiple interactions between users and different authentication components when inputting the multiple factors, leading to extra overhead and bad user experience. In this paper, we propose a secure and user-friendly multi-factor user authentication system named <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">BioDraw</i> . It utilizes four categories of biometrics (impedance, geometry, behavior, and composition) of human hand plus the pattern-based password to identify and authenticate users. User only needs to draw a pattern on a radio frequency identification tag array, while four biometrics can be collected simultaneously. Specifically, we first design a gradient-based pattern recognition algorithm to precisely extract user’s secret pattern. Then, a convolutional neural network-and long short-term memory-based classifier is utilized for user recognition. Furthermore, to guarantee the systemic security, an anti-replay method called <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Binary ALOHA</i> is proposed to detect replayed signals. We conduct extensive experiments with 30 volunteers. The experiment results show that <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">BioDraw</i> can achieve high authentication accuracy (with a 2% <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$-$</tex-math> </inline-formula> false reject rate) and is effective in defending against various attacks.