Recently, Ku et al. proposed a sector-based graphical password scheme, RiS, with dynamically adjustable resistance to login-recording attacks. However, since most users are more familiar with textual passwords than graphical passwords, we propose a secure and efficient textual-graphical password scheme, T-RiS, which is a variant of RiS. The T-RiS user can efficiently complete the login process in an environment under low threat of login-recording attacks and securely complete the login process in an environment under high threat of login-recording attacks. T-RiS can be used in environments where the users are more familiar with passwords based on texts than passwords based on icons/images and the number of login sessions the adversary can record is usually less than five.

Since most password schemes are vulnerable to login-recording attacks, graphical password schemes that are resistant to such attacks have been proposed. However, none of existing graphical password schemes with resistance to login-recording attacks can provide both sufficient security and good usability. Herein, we design and implement a simple sector-based graphical password scheme, RiS, with dynamically adjustable resistance to login-recording attacks. RiS is a pure graphical password scheme by using the shape of the sector. In RiS, the user can dynamically choose the login mode with suitable resistance to login-recording attacks depending on the login environment. Hence, the user can efficiently complete the login process in an environment under low threat of login-recording attacks and securely complete the login process in an environment under high threat of login-recording attacks. Finally, we show that RiS can achieve both sufficient security and good usability.