I've had to secure a website administrative login system recently, and wanted to get some second opinions on the method that I'm using, since security tends to benefit from second opinions.
Implementation details: Linux, Debian, MySQL, PHP
IP whitelisting system
Parts:
- in database: username, password, email, IP address, IP whitelist
- provided by user: username, password
- provided by client: current IP address
In addition to requiring a correct username and password, the IP of the system that you are connecting from has to be whitelisted to allow login. Thus the logic of the system cascades like this:
Verification email: simply has a link containing a private key that matches the key in the verification database; the link goes to the site, and the linked page verifies the IP for that record in the database.
If IP whitelisted: once whitelisted, correct username/password combinations are accepted for login as normal; incorrect ones are rejected.
That is the system. It seems slightly similar to the method that banks use to verify devices, though not identical, so perhaps it needs refactoring. Any advice?
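To make the cascade concrete, here is an added example (not the asker's code) of the same flow in PHP: password check first, then the IP whitelist check, with an emailed token that whitelists the IP recorded for that token. It uses an in-memory SQLite database through PDO so it runs stand-alone; the table and column names, the placeholder hostname, and the 15-minute token expiry are assumptions, and the order "password before IP" is my reading of the question.

```php
<?php
// Added example (not the asker's code): the cascade described in the question,
// backed by an in-memory SQLite database so it runs stand-alone with `php`.
// Table and column names are assumptions; adapt them to the real MySQL schema
// (INSERT OR IGNORE is SQLite syntax; MySQL uses INSERT IGNORE).
declare(strict_types=1);

function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, email TEXT)');
    $db->exec('CREATE TABLE ip_whitelist (user_id INTEGER, ip TEXT, PRIMARY KEY (user_id, ip))');
    // Pending verifications hold only a hash of the emailed token, plus an expiry.
    $db->exec('CREATE TABLE ip_verifications (user_id INTEGER, ip TEXT, token_hash TEXT, expires_at INTEGER)');
    return $db;
}

function createUser(PDO $db, string $username, string $password, string $email): void {
    $stmt = $db->prepare('INSERT INTO users (username, password_hash, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
}

// Returns the user row only if the password verifies against the stored hash.
function authenticate(PDO $db, string $username, string $password): ?array {
    $stmt = $db->prepare('SELECT id, email, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return null;
    }
    return $user;
}

function isWhitelisted(PDO $db, int $userId, string $ip): bool {
    $stmt = $db->prepare('SELECT 1 FROM ip_whitelist WHERE user_id = ? AND ip = ?');
    $stmt->execute([$userId, $ip]);
    return $stmt->fetchColumn() !== false;
}

// Start verification: mint a random token, store only its hash with a 15-minute
// expiry, and return the link that would be emailed to the address on file.
function startIpVerification(PDO $db, int $userId, string $ip): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO ip_verifications (user_id, ip, token_hash, expires_at) VALUES (?, ?, ?, ?)');
    $stmt->execute([$userId, $ip, hash('sha256', $token), time() + 900]);
    return 'https://admin.example.invalid/verify-ip?token=' . $token; // placeholder host
}

// Handle the click on the emailed link: whitelist the IP recorded with the token
// (not whatever IP the click comes from), then burn the token.
function completeIpVerification(PDO $db, string $token): bool {
    $tokenHash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT user_id, ip FROM ip_verifications WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([$tokenHash, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $db->prepare('INSERT OR IGNORE INTO ip_whitelist (user_id, ip) VALUES (?, ?)')
       ->execute([$row['user_id'], $row['ip']]);
    $db->prepare('DELETE FROM ip_verifications WHERE token_hash = ?')->execute([$tokenHash]);
    return true;
}

// The cascade: password first, then IP. Returns 'ok', 'verify_sent' or 'denied'.
function login(PDO $db, string $username, string $password, string $clientIp): string {
    $user = authenticate($db, $username, $password);
    if ($user === null) {
        return 'denied';
    }
    $userId = (int) $user['id'];
    if (isWhitelisted($db, $userId, $clientIp)) {
        return 'ok';
    }
    startIpVerification($db, $userId, $clientIp); // real code emails the returned link
    return 'verify_sent';
}

// Walk-through with a constructed user and a constructed client IP.
$db = setupDb();
createUser($db, 'admin', 'correct horse battery staple', 'admin@example.invalid');
echo login($db, 'admin', 'wrong password', '203.0.113.7'), "\n";
echo login($db, 'admin', 'correct horse battery staple', '203.0.113.7'), "\n";
// Simulate the click on the link that login() would have emailed.
$link = startIpVerification($db, 1, '203.0.113.7');
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
var_dump(completeIpVerification($db, $query['token']));
echo login($db, 'admin', 'correct horse battery staple', '203.0.113.7'), "\n";
```

Two design choices worth copying into the real system: the database stores a hash of the emailed token rather than the token itself, so a read of the verification table does not hand out usable links, and the IP that gets whitelisted is the one recorded when the login attempt was made, not the IP of whoever opens the link.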
My only suggestion would be to use Golden Questions versus Emails. Emails are easily compromised.
If you aren't familiar with Golden Questions, it is where you get the user to import X number of questions and answers. The first time they log on you randomly get them to answer some subset of them; if they do it correctly you can whitelist. The process repeats each time they log on using a new IP.
Some added benefits are a faster user experience and less interruption (they don't have to wait for an email before being allowed access).
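An added example (not the answerer's code) of the challenge flow this answer describes, in PHP with in-memory arrays standing in for the MySQL tables: answers are normalized and stored only as password hashes, the server picks the subset with a CSPRNG, every chosen question is checked before a single pass/fail result is returned, and a pass whitelists the new IP. The questions, answers, IP and the choice of two questions per challenge are constructed sample data.

```php
<?php
// Added example (not the answerer's code): the Golden Questions challenge
// described above, with in-memory arrays standing in for the MySQL tables.
// Question texts, answers, and the IP are constructed sample data.
declare(strict_types=1);

// Normalize before hashing so "The Grand Canyon" and " the grand canyon " match.
// strtolower is used so the example does not depend on the mbstring extension.
function normalizeAnswer(string $answer): string {
    return strtolower(trim(preg_replace('/\s+/', ' ', $answer)));
}

// Enrolment: keep the question text, store only a hash of the normalized answer.
function enrolQuestions(array $questionsAndAnswers): array {
    $stored = [];
    foreach ($questionsAndAnswers as $question => $answer) {
        $stored[] = [
            'question'    => $question,
            'answer_hash' => password_hash(normalizeAnswer($answer), PASSWORD_DEFAULT),
        ];
    }
    return $stored;
}

// Pick $count distinct question indices with random_int() (rand() is not a CSPRNG).
// The server keeps the chosen indices (e.g. in the session); the client never picks.
function pickChallenge(array $stored, int $count): array {
    $pool = range(0, count($stored) - 1);
    $chosen = [];
    while (count($chosen) < $count && $pool !== []) {
        $i = random_int(0, count($pool) - 1);
        $chosen[] = array_splice($pool, $i, 1)[0];
    }
    return $chosen;
}

// Check every chosen question and report only the overall result, so a failed
// attempt does not reveal which individual answer was wrong.
function verifyChallenge(array $stored, array $chosen, array $answers): bool {
    $allCorrect = true;
    foreach ($chosen as $i) {
        $ok = isset($answers[$i])
            && password_verify(normalizeAnswer($answers[$i]), $stored[$i]['answer_hash']);
        $allCorrect = $allCorrect && $ok;
    }
    return $allCorrect;
}

// Login step from the answer: a new IP triggers the challenge; passing it
// whitelists that IP so later logins from it skip the questions.
// $askUser receives [index => question] and returns [index => answer]
// (in a real app those answers come from the submitted form).
function loginFromIp(array $stored, array &$whitelist, string $ip, callable $askUser): bool {
    if (in_array($ip, $whitelist, true)) {
        return true;
    }
    $chosen = pickChallenge($stored, 2);
    $prompts = [];
    foreach ($chosen as $i) {
        $prompts[$i] = $stored[$i]['question'];
    }
    if (!verifyChallenge($stored, $chosen, $askUser($prompts))) {
        return false;
    }
    $whitelist[] = $ip;
    return true;
}

// Walk-through with constructed enrolment data.
$correct = ['Maple Avenue', 'Biscuit', 'Dunedin', 'Saab'];
$stored = enrolQuestions([
    'First street you lived on?' => $correct[0],
    'Name of your first pet?'    => $correct[1],
    'City you were born in?'     => $correct[2],
    'Make of your first car?'    => $correct[3],
]);
$whitelist = [];

// Simulated user who knows the answers but types them with sloppy case/spacing.
$goodUser = function (array $prompts) use ($correct): array {
    $answers = [];
    foreach ($prompts as $i => $question) {
        $answers[$i] = '  ' . strtoupper($correct[$i]);
    }
    return $answers;
};
// Simulated user who does not know them.
$badUser = fn(array $prompts) => array_fill_keys(array_keys($prompts), 'no idea');

var_dump(loginFromIp($stored, $whitelist, '198.51.100.9', $badUser));
var_dump(loginFromIp($stored, $whitelist, '198.51.100.9', $goodUser));
// The IP is now whitelisted, so this login is not challenged at all.
var_dump(loginFromIp($stored, $whitelist, '198.51.100.9', $badUser));
```

The point of keeping the chosen indices server-side and checking all of them before answering is that a client cannot steer the challenge toward the questions it happens to know, and a wrong attempt does not tell it which of the two answers was the wrong one.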