You seem to have a problem with reading comprehension. The rules about making a personal appearance and providing ID to register, reset or renew your online account are part of the package.
It’s my idea, so my rules apply. If you want to apply your own rules, then it’s your system and not mine.
Your attack scenarios are fantastic and would be NOTICED. If online voting was somehow disabled by a system-wide attack, you would have to schlep yourself down to the polling station and vote on paper, oh the horror.
Already a non-starter.
To register to vote you must complete a voter registration application on paper or online at RegisterToVote.ca.gov. When you register online, the system will search the Department of Motor Vehicles (DMV) database for your California driver license or identification card number, date of birth, and last four digits of your social security number. If your information is found and you authorize elections officials' use of your DMV signature, an electronic image of your DMV signature will be added to your voter registration application after you click "submit" at the end of the online application. If there is no signature on file with DMV, all of your information will be transmitted to your county elections office; you will just need to click "print," sign the paper application, and mail it. Your county elections official will contact you when your voter registration application is approved or if more information is needed to confirm your eligibility.
Some California counties are good about looking up the person and making sure they aren't registered elsewhere in the state. They do not use https://ericstates.org/who-we-are/ in California so out-of-state registrants won't be detected. The adversary just needs to choose a lax California county and sign up 100,000 new voters. Many of those will fail but some will succeed.
If the Dems take over in Congress they will force the rest of the country to use Calfornia's online system, the opposite of what you are proposing. Even if we forced them to use your system and the adversary can't register online, they will pay the community organizers to register people in person. Then those accounts will be purchased, hijacked, or hacked. One of the ways they will be hijacked is number porting. The adversary will send "forgot password" requests that will send text messages to phone numbers they are able to hijack (not all, but some), or rescue emails to email accounts they can hijack.
Here's a very simple hijack example: https://www.cnbc.com/2019/01/04/how-secure-is-your-account-two-factor-authentication-may-be-hackable.html Requires phishing. As noted in the article it is defeated by a fob. A fob can't be phished.