Allow accounts to require email confirmation/password for public forums
UserVoice's default sign in on public forums does not require users confirm their email address or create a password to post ideas, vote or comment. Customers would like the option to make these a requirement.
Iftikhar Waheed commented
Not having a password to authenticate users is a serious shortcoming.
When we have customers who are eager to provide genuine feedback but are met with spam or other questionable comments posted by someone impersonating them, they tend to walk away questioning our commitment to safeguarding their identity.
This lack of capability defeats our purpose for using the Uservoice platform due to is simplicity. Misuse of a contributors identity has a negative fallout across our user community which hurts more than it helps.
Chris Conley commented
"Allow an account to be created with no authentication mechanism" is really, really bad design. Passwords are a reasonable authentication mechanism. Without it, you should just allow people to post anonymously: with no authentication, there's no effective difference.
Andy Morgan commented
Please add the ability for users to sign in with their existing Azure AD accounts. This is easily done per these instructions. https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
Will Thompson commented
It's still an issue for us too. We have identify some 2000+ fraudulent users, with incrementing IP addresses that makes our UV data really hard to make sense of.
City of Barrie commented
This is a huge issue for us. Much time is spent manually confirming email addresses in an effort to ensure all votes aren't coming from the same person. Very, very frustrating. I understand some feel email verification would impede engagement with their forum; this is not a concern of ours as an authentic vote count trumps engagement. Couldn't there be an option to turn email verification on/off so that all forum moderators could be satisfied?
B Banana commented
I couldn't agree more. People can enter any address they want, and thereby impersonate others!
David Thielen commented
This is the one feature we have asked for for years. (I put it in as a suggestion before, but it was deleted). We just had 3 people spend 2 weeks implementing a feature and it turned out all the votes came from a single customer who had a bunch of their employees stuff the ballot box.
Chris Condayan commented
Thanks Ted! I appreciate you adding this for me.
Unconfirmed profiles can vote, resulting in potential fraud. The optional safeguards (e.g. restricting by IP) don't cover every use case.
For example, restricting to 1 IP per hour will prevent legitimate votes from a certain domain.
One use case involves financially incentivizing ideas with the most votes (propose giving a lecture, and the top most voted on proposals will get monetary compensation). Since many votes will come from the same domain, restricting to one defeats the purpose.
Proposal: in settings -> general -> user authentication, add an option to restrict voting to confirmed profiles only. OR Require admin approval to vote (similar to pre-moderation for ideas)