To provide a user authentication method and a device for the same by graphic encryption.

The user authentication method uses the degree of matching between an inputted graphic cryptogram and a registered graphic cryptogram and an input history of the graphic encryption, and determines whether or not to authenticate the user or whether or not it is an intrusion. In addition the method varies a threshold of bio recognition by the degree of matching between the inputted graphic cryptogram and the registered graphic cryptogram, compares the inputted user's bio recognition information to registered bio recognition information, and determines whether or not the user is authenticated. In the user authentication by the graphic cryptogram in a PDA or the like lacking a key operating part, convenience, reliability and security can be ensured. Also, by varying the threshold for the bio recognition as a result of the user authentication by the graphic cryptogram, imperfect recognition performance of the bio recognizer is improved, and FAR and FRR can be lowered at the same time.