Excellent points, well said and ++ to DanielSpaniel.

And (to the OP) just FTR, I offered "cookies" as an approach, knowing full well that some users will reject cookies; immediately remove them, or otherwise make their use ineffective. DanielSpaniel's points about the common IP's are well taken... and I should have offered some similar discussion of the limits of cookies, myself.

Broadly though, unless the "like"-button-analogue is somehow related to operational control of a nuclear reactor ...or involved in handing out large sums in small, used, unmarked bills, you will reach a point where it's reasonable to say, 'I've done all that's within reason to secure X; now I need to decide if that's good enough, given the risks/exposures at stake.'