Hi Mike,
You are asking for a couple of different things there.
Maintenance mode normally stops the site being viewed by anonymous visitors, often displaying a holding page with a simple message. Though you can have fancy holding pages with countdown timers and email signup forms too. But the site can normally be seen by a logged in user (e.g. the client can see work in progress).
Stopping valid users being able to log in is a separate thing again. Not normally related to maintenance mode. But, as it happens, WP Maintenance Mode does support restricting which roles can access the site, whether front end or back. So if you don't allow any roles (administers will still be able to access both) then even if they login correctly on the login page, they still can't get to the back end (nor see the front end if you configure it that way)
But this is still stopping anyone, including anonymous users being able to see the normal site. It will be in 'maintenance mode'. I'm not sure whether you want the normal site to be seen.
Some of the security plugins may allow you to restrict access to the login page by IP address. But I think most of them restrict who can login or who doesn't have limits and rules applied, rather than access to the login page itself.
One other alternative to temporarily lock out valid users but still allow access to the front end of the site, is to set users' roles to 'no role for this site'. It will allow them to log in but they can't access the back end. Not even to edit their profiles.
If this isn't enough, can you explain more what you want to happen?
Mike