I’ve had to secure a website administrative login system recently, and wanted to get some second opinions on the method that I’m using, since security tends to benefit from second opinions.

Implementation details: Linux, Debian, Mysql, Php

Ip whitelisting system

Parts:
in-database: username, password, email, ip address, ip whitelist
provided by user: username, password
provided by client: current ip address

In addition to requiring a correct username and password, the ip of the system that you are connecting from has to be whitelisted to allow login. Thus the logic of the system cascades like this:

• if ip not whitelisted: you cannot log in, you must verify that ip.
• Verify your current ip: Go to a page, put in a username, you get a “We will verify that username [someUsername] if it exists and you will receive an automated email for that account directly.” A verification email is emailed to the email on file for that account, if it exists & is active. Otherwise it’ll just display the message and do nothing.

• Verification email: simply has a link with a private key that matches the key in the verification database, links to the site, the page links verifies the ip for that record in the database.

• if ip whitelisted: once whitelisted, correct username/password combinations are accepted for login as normal, incorrect ones are rejected.

That is the system. It seems slightly similar to the method that banks use to verify devices, though not identical, so perhaps it needs refactoring. Any advice?