In this paper, a new natural human interaction authentication method has been proposed for the Internet of Things (IoT) devices. In this method the user draws doodles on-air for authentication. On-air drawing, refers to virtually drawing free hand-drawn doodles passwords through hand gestures on the air without touching anything which is recommended during COVID-19. This work uses Google Quick Draw doodles dataset for password doodles. The proposed method is based on a usual video camera, two lightweight Convolutional Neural Networks (CNN) and Kalman filter. The first CNN for hand gestures classification to overcome dynamic hand gestures challenges on the air. The second CNN for authentication verification. Kalman filter is used to correct and smooth the drawn line path on the air. To accept the new authentication method, it must achieve two main goals security and usability. The evaluation of the usability was based on ISO 9241-11:2018 standards usability model. The results revealed that the accuracy of the proposed authentication method is 95% and, the efficiency is 94% and user satisfaction is accepted. The evaluation of the security was based on two threats related to IoT devices which are guessing and physical observation. The results showed that the password strength of the proposed authentication method is stronger than the traditional 4-digits PIN password. The proposed authentication method is also resistant to physical observation threats.