Polltab Voting Security
Polltab gives you several ways to keep votes honest, from IP and cookie limits to social login verification. Here is how it works and which option to reach for.
How Polltab Handles Votes
When you create a poll, Polltab sets up a dedicated voting box to handle all of its incoming votes. For IP-specific security and above, that box uses a ticketing system: every voter has a unique ID (such as an IP address), and when they vote, that ID is sent to Polltab. The ID is recorded only if it isn't already in the box, and the total vote count is simply the number of unique IDs.
So if your poll uses IP-specific security, each voter's unique ID is their IP address, the address their internet provider assigns them. That keeps every vote tied to a single IP.
Voting Security Options
- Cookie-based. One vote per browser, enforced by a cookie saved in the voter's browser. If someone uses three different browsers, they can cast three votes. Because it depends on a browser cookie, it is not reliable when the poll is embedded on another site (see the FAQ below).
- IP-specific. One vote per IP address. Voters who share a network, such as a school or office, may end up blocking each other, so for polls shared inside one network, cookie-based or authentication-based voting is usually a better fit.
- Social authentication (Google, Facebook, Reddit). An extra layer of security using OAuth login. With Google, for example, voters sign in and grant Polltab basic access, and Polltab uses only the voter's unique Google ID (a numeric identifier like 344221) to record the vote. Each account has its own ID, which keeps votes authentic. No other information is stored.
Voting Security FAQ
Is IP-specific security enough?
For most polls, yes. That said, a tech-savvy voter could cast more than one vote by changing their IP address, and in rare cases someone might build a bot to vote automatically. To help block bots, turn on the CAPTCHA option described in how to create a poll.
Can people still vote multiple times with Google or Facebook login?
Authentication-based polls also rely on unique IDs, so anyone with multiple Google or Facebook accounts could vote more than once.
Why can people vote more than once on my embedded poll?
Cookie-based security is checked in the voter's browser, not on our servers. When a poll is embedded on another website it runs inside an iframe, and most browsers (Safari, and increasingly Chrome) block or isolate the cookie that remembers a voter. So a cookie-based poll cannot reliably stop repeat votes once it is embedded. If you need one-vote-per-person on an embedded poll, use IP-specific security or social authentication instead. Both are verified on our servers, so they work the same way inside an embed.
Still have questions about voting security? Contact us.