Another possibility is investing in what researchers call continuous authentication. Though once again I very much doubt SE wants to devote any resources to it.

https://www.theverge.com/2019/2/1/18...l-intelligence

"Rather than tests, he favors something called “continuous authentication,” essentially observing the behavior of a user and looking for signs of automation. “A real human being doesn’t have very good control over their own motor functions, and so they can’t move the mouse the same way more than once over multiple interactions, even if they try really hard,” Ghosemajumder says. While a bot will interact with a page without moving a mouse, or by moving a mouse very precisely, human actions have “entropy” that is hard to spoof, Ghosemajumder says."