GOTPass requires a one-time setup, wherein a user would draw a pattern on a 4x4 grid -- similar to Android's unlock scheme. After choosing a pattern, they'll be presented with grids of thirty random emoji-esque images, and asked to choose one. After picking from four grids, they'll have their "password."
When it comes to logging in, the process is fairly simple: enter your username, then draw the pattern lock. The next step shows 16 images, of which two are from the four picked during setup, and 14 are decoys. Select the correct images, and you get a one-time passcode to enter into the relevant box.
It all sounds horribly complicated, but in reality the process wouldn't take much longer than typing in a simple password. The team say it's proved easy to remember, and holds up well against hacks. Using a mix of targeted and random methodology, they attempted to hack accounts 690 times. Of those, 23, or 3.33%, were successful. It's a great start, and the researchers are now planning further tests to test its efficacy and usability.