Not having a password to authenticate users is a serious shortcoming.
When we have customers who are eager to provide genuine feedback but are met with spam or other questionable comments posted by someone impersonating them, they tend to walk away questioning our commitment to safeguarding their identity.
This lack of capability defeats our purpose for using the Uservoice platform due to is simplicity. Misuse of a contributors identity has a negative fallout across our user community which hurts more than it helps.

"Allow an account to be created with no authentication mechanism" is really, really bad design. Passwords are a reasonable authentication mechanism. Without it, you should just allow people to post anonymously: with no authentication, there's no effective difference.

Please add the ability for users to sign in with their existing Azure AD accounts. This is easily done per these instructions. https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

It's still an issue for us too. We have identify some 2000+ fraudulent users, with incrementing IP addresses that makes our UV data really hard to make sense of.

This is a huge issue for us. Much time is spent manually confirming email addresses in an effort to ensure all votes aren't coming from the same person. Very, very frustrating. I understand some feel email verification would impede engagement with their forum; this is not a concern of ours as an authentic vote count trumps engagement. Couldn't there be an option to turn email verification on/off so that all forum moderators could be satisfied?

I couldn't agree more. People can enter any address they want, and thereby impersonate others!

This is the one feature we have asked for for years. (I put it in as a suggestion before, but it was deleted). We just had 3 people spend 2 weeks implementing a feature and it turned out all the votes came from a single customer who had a bunch of their employees stuff the ballot box.

Thanks Ted! I appreciate you adding this for me.

Unconfirmed profiles can vote, resulting in potential fraud. The optional safeguards (e.g. restricting by IP) don't cover every use case.

For example, restricting to 1 IP per hour will prevent legitimate votes from a certain domain.

One use case involves financially incentivizing ideas with the most votes (propose giving a lecture, and the top most voted on proposals will get monetary compensation). Since many votes will come from the same domain, restricting to one defeats the purpose.

Proposal: in settings -> general -> user authentication, add an option to restrict voting to confirmed profiles only. OR Require admin approval to vote (similar to pre-moderation for ideas)