We could offer extra security by allowing admins to enable Fido U2F tokens for authentication and voting. So this could be optional for users, or required. But once Fido U2F token would be integrated linked to the account, when voting, one would have to press the token to be able to vote. This could mitigate slightly cases when users' passwords would be stolen and used to vote. But if a user's computer is compromised, attacker can still provide a different vote to the server, while displaying wanted vote to the user.
We could offer extra security by allowing admins to enable Fido U2F tokens for authentication and voting. So this could be optional for users, or required. But once Fido U2F token would be integrated linked to the account, when voting, one would have to press the token to be able to vote. This could mitigate slightly cases when users' passwords would be stolen and used to vote. But if a user's computer is compromised, attacker can still provide a different vote to the server, while displaying wanted vote to the user.