PIN authentication is widely used thanks to its simplicity and usability, but it is known to be susceptible to shoulder surfing. In this paper, we propose a novel online finger-drawn PIN authentication technique that lets a user draw a PIN on a touch interface with her finger. The system provides some resilience to shoulder surfing without increasing authentication delay and complexity by using both the PIN as well as a behavioral biometric in user verification. Our approach adopts the Dynamic Time Warping (DTW) algorithm to compute dissimilarity scores between PIN samples. We evaluate our system in two shoulder surfing scenarios: 1) PIN attack where the attacker only knows the victim’s PIN but has no information about it’s drawing characteristic and 2) Imitation attack where an attacker has access to a dynamic drawing sequence of a victim’s finger-drawn PIN in the form of multiple observations. Experimental results with a data set of 40 users and 2400 imitating samples from two attacks yield an Equal Error Rate (EER) of 6.7% and 9.9% respectively, indicating the need for further study on this promising authentication mechanism.