aha - got another idea. I'll just use a different format to display the admin comments. So the imposter can't mimic the format, though they can use the same username.
This is frequently done on (pseudonymous) imageboards, as well as chatrooms and the like. The admins have a password/key that when provided, enables them to be displayed differently, like an additional image tag, or a separate nearby text element saying [ADMIN].
This is coded into the server-side site code, and normal users are not able to inject content into that other element to masquerade as admin.
This is coded into the server-side site code, and normal users are not able to inject content into that other element to masquerade as admin.