If you find yourself on this page you are probably trying to figure out how to make your online election or vote secure. While in an ideal world, you could simply run your election or vote using a government database to utilize someone’s driver’s license that is out of reach for everyone aside from the government itself generally. That of course does not mean that you cannot achieve a relatively high or near-perfect level of security. It is not as hard as you may think to make it secure, but we should first consider what might cause problems for you as a voting administrator.
Making it easy vs making it safe!
This is a common issue we see when an election rolls around. No one wants to make voting overly difficult with a 16-character password filled with random letters and symbols. It is also important not to make it too easy. For example, anything that allows you to pull someone’s information publicly might be risky. Such as an NRDS number (in the Real Estate industry) which one can use to find out plenty of personal information about other voters in the organization. Nor is something as simple as a person’s last name and street address within a small HOA.
At Associationvoting.com, we suggestion 2 credentials for authenticating a user. One credential that is unique to the user as an identifier and one that is secret credential for the user. Given some of our available voter credentials, the best options to use for online voting would likely be a combination of the following:
- Verified Voter email: The voter will receive a unique code or link via email that they must use to access the voting platform and confirm their identity. This requires a unique voter identifier, a secret credential and a verified code assigned by AssociationVoting.com to access the voter’s ballot.
- Software generated/Member Password: A password can be used to secure the voter’s account and prevent unauthorized access to the voting platform. This can be a software-generated password or one chosen by the voter. This is a great secret credential option.
- Member ID, Account#, or student #: All three are similar in that they are often numbers that are assigned and generally not publicly available. Thus making them a great choice for a unique user credential to be combined with a secure credential.
- Custom field: Outside of a software-generated password one could take something like a last name combined with last four of phone number etc. to create a unique more secure identifier to combine with a secret credential (such as password).
- Email: It can be used to verify the voter’s identity and utilized to send a voting receipt to the voter. Email should not be used as a secret identifier though if the emails are public knowledge within the voting organization. So the combination Last Name and Email isn’t a secure credential combination. It would become extraordinarily easy to fraudulently cast a ballot for a voter with this credentials combination.
By using a combination of the secure examples above, you can greatly reduce the hack-ability of your election. The final component is to make sure that this login information is kept safe, preferably in the system guarded by administrator authentication for access. This means if you are sending it through an internal company/organization email, make sure the excel CSV downloaded is saved in a personal folder only you as the admin will have access to. Since saving it to a cloud folder accessible to a company or organization-wide can most likely be found by someone looking to do something nefarious.
Ultimately by implementing any of the steps listed in this article you will be able to dramatically limit the chances of someone stuffing the ballot box so to speak.
