I develop a political survey website where anyone can vote once. Obviously I have to prevent multiple registrations for the survey remains relevant. Already I force every user to login with their Google, Facebook or Twitter account. But they can authenticate 3 times if they have an account on each, or authenticate with multiple accounts of the same platform (I have 3 accounts on Google). So I thought also store the IP address, but they can still go through a proxy... I thought also keep the HTTP User Agent with PHP's get_browser(), although they can still change browsers. I can extract the OS with a regex, to change OS is less easier than browsers. And there is also geolocation, for example with the Google Map API.

So to summarize, several ideas:

• 1 / SSO Authentication (I keep the email)
• 2 / IP Address
• 3 / HTTP User Agent
• 4 / Geolocation with an API

Have you any other ideas that I did not think?

How to embed these tests? Execute in what order?

Have you already deploy this kind of solution?