Prevent multiple participation
In general, it is difficult to avoid multiple participation. PollUnit can prevent participants from voting multiple times with the help of cookie and IP checks. However, a participant can reopen the poll from another computer and vote again. Nevertheless, there are several ways to protect your online voting from unwanted multiple participations or to reduce them. Choose your security mechanisms depending on your target group.
Secure online surveys and polls
Allow multiple participations with one device
If you activate »Allow multiple participations on one device«, your PollUnit displays a button that lets a participant start a new participation under a different name after completing one.
Cookies
If you choose »Allow only one participation«, a cookie is set in the participant's browser after a vote is cast. This cookie prevents further participation from that browser. If the user switches browsers or deletes their cookies, they can vote again. Cookie protection therefore offers only limited security.
IP address
If you activate the IP blocker, the participant's IP address is blocked from further participation after a vote is cast. Keep in mind that users at companies and universities may share the same IP address; they could then only participate once. Since the IP address can change, this method also offers only limited protection.
Account required
If you require an account, only participants who have created a PollUnit account can vote. To create an account, participants need a valid email address which will be verified by us. Only one participation per account or e-mail address is possible.
External authentication provider
Access can be limited to accounts authenticated via external providers like Facebook, Google, or your own SSO solution, ensuring exclusive participation, e.g., for employees within your company.
Google, Facebook, and GitHub
Participants can log in using their Google, Facebook, or GitHub accounts without the need to create separate credentials. The identity of participants is verified through the authentication process with Google, Facebook, or GitHub. This makes it more challenging for individuals to create multiple accounts and thus helps prevent multiple participations.
Allow access only with organization's SSO
If you create a PollUnit within an organization that has an SSO provider configured, you can restrict access to users who are authenticated through this provider.
Request Email Confirmation
If email confirmation is required, participants are asked to enter their email address. Subsequently, PollUnit sends an email with a confirmation link. Participation is only possible after confirmation.
Allow All Domains
Participants can enter any email address. If a person has access to multiple email addresses, they can theoretically generate one participation for each email address.
Allow Only Specific Domains
Participants must use an email address with one of the allowed domains, which can significantly enhance security. For example, if the domain is my-domain.com, only email addresses ending with @my-domain.com can be entered. This can ensure that only individuals from the same company can participate.
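How strictly the domain is compared decides whether this restriction holds. The following added example (not PollUnit's code) contrasts a loose suffix test with an exact comparison of the domain part; the function names and sample addresses are constructed for illustration, and only `my-domain.com` comes from the text above.

```python
# Added example, not PollUnit's code. Only "my-domain.com" is from the text.
ALLOWED_DOMAINS = {"my-domain.com"}

def naive_is_allowed(address):
    # Weak setting: a plain suffix test also matches look-alike domains
    # and strings that are not e-mail addresses at all.
    return address.lower().endswith("my-domain.com")

def is_allowed(address, allowed=ALLOWED_DOMAINS):
    """Accept only addresses whose domain part equals an allowed domain."""
    address = address.strip()
    # Exactly one "@" and no embedded whitespace, otherwise reject outright.
    if address.count("@") != 1 or any(ch.isspace() for ch in address):
        return False
    local, domain = address.split("@")
    if not local or not domain:
        return False
    domain = domain.lower()            # domain names are case-insensitive
    if domain.endswith("."):           # "my-domain.com." is the same FQDN
        domain = domain[:-1]
    return domain in allowed           # exact match: no suffixes, no subdomains

# Constructed sample input.
SAMPLES = [
    "alice@my-domain.com",
    "Bob@MY-DOMAIN.COM",
    "eve@not-my-domain.com",
    "eve@my-domain.com.example.net",
    "eve@example.net@my-domain.com",
    "my-domain.com",
]

def compare(samples=SAMPLES):
    """Return (address, naive result, strict result) for each sample."""
    return [(s, naive_is_allowed(s), is_allowed(s)) for s in samples]

if __name__ == "__main__":
    for address, naive, strict in compare():
        print(f"{address:32} naive={naive!s:5} strict={strict}")
```

The domain check only restricts which addresses may be entered; it is the confirmation link sent to that address that shows the participant actually controls the mailbox.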
Invitation required
A very secure method is to only allow users to participate who have received an invitation. For this purpose, PollUnit sends e-mails with a secret code that can only be used once for voting. For this method, participants do not need a PollUnit account. The invitation links can also be sent manually, so you can share them for example via WhatsApp or other messengers.
Invitation and PollUnit account required
Compared to »Invitation required«, participants additionally need a PollUnit account. They need to log in or register with PollUnit before voting. The advantage over »Invitation required« is that an invitation cannot be used by an account that does not match the invited email address. Intercepted or stolen invitations therefore cannot be used unless the user has access to the respective PollUnit account.
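The difference between the two invitation modes can be seen in a small model of one-time codes. This is an added example, not PollUnit's implementation; the class `InvitationStore`, its result strings, and the sample addresses are hypothetical.

```python
# Added example, not PollUnit's implementation. Names are hypothetical.
import hashlib
import secrets

class InvitationStore:
    def __init__(self, require_account=False):
        self.require_account = require_account
        self.invites = {}   # sha256(code) -> {"email": ..., "used": bool}

    @staticmethod
    def digest(code):
        # Store only a hash, so a leaked table does not reveal usable codes.
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def issue(self, email):
        code = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.invites[self.digest(code)] = {"email": email.lower(), "used": False}
        return code                        # goes into the invitation link

    def redeem(self, code, account_email=None):
        invite = self.invites.get(self.digest(code))
        if invite is None:
            return "unknown-code"
        if invite["used"]:
            return "already-used"
        if self.require_account:
            # The code alone is not enough: the logged-in (verified) account
            # must belong to the address the invitation was sent to.
            if account_email is None:
                return "login-required"
            if account_email.lower() != invite["email"]:
                return "wrong-account"
        # With a real datastore, this check-and-mark must be one atomic step.
        invite["used"] = True
        return "accepted"

def demo():
    """Replay an intercepted invitation in both modes (constructed data)."""
    plain = InvitationStore()
    code = plain.issue("alice@example.org")
    bearer = [plain.redeem(code),                       # whoever holds the link
              plain.redeem(code)]                       # the invitee, too late
    bound = InvitationStore(require_account=True)
    code = bound.issue("alice@example.org")
    account = [bound.redeem(code),                      # not logged in
               bound.redeem(code, "eve@example.net"),   # intercepted link
               bound.redeem(code, "Alice@example.org"), # the invitee
               bound.redeem(code, "alice@example.org")] # second attempt
    return bearer, account

if __name__ == "__main__":
    print(demo())
```

In the invitation-only mode the code is a bearer secret, so the first holder to use it consumes the vote; in the account-bound mode a failed attempt from the wrong account leaves the invitation unused for its intended recipient.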
Apply restriction also to visitors
With »Apply restriction also to visitors« users can only access the PollUnit with the selected security setting. Otherwise, the access restriction applies only to voting users.
The necessary settings can be found in step 4 of your PollUnit Wizard.
As you can see, it is crucial whether you know your participants or whether they are completely unknown to you. Only if you create a vote with the settings »Invitation required« or »Invitation and PollUnit account required« can you be sure that each invited person can vote exactly once.
If you share the participant link to your PollUnit, e.g. on Facebook, and you also allow unknown users who were not invited to vote, we cannot uniquely identify these users. However, we can raise the hurdle to cast a double vote.
If you have further suggestions on how we can secure your vote against multiple participation, feel free to open a feature request in our PollUnit Support Forum.
Identify and remove fake voters
The PollUnit Fraud Bot is an AI (artificial intelligence) that can automatically find suspicious and fake votes. These votes can also be deleted. It does not provide 100% protection, but is an alternative if the hurdle for voters must be kept low and e.g. the »invitation required« feature cannot be used.
Making fraud difficult through pairwise comparison
In some cases, conducting voting through pairwise comparison can be a wise choice. PollUnit offers a dedicated type for this purpose, allowing comparisons of texts and images. Each voting participant is presented with a random subset of the options for voting. The voter must choose a favorite from several pairs. PollUnit creates a relative ranking based on this data.
Because the pairing assignment is random, fraud is made more difficult. Participants do not know in advance which pairs they will evaluate. This makes it harder for fraudsters to focus on specific pairs they may wish to manipulate.