www.samy.pl/evercookies/

Make an account verification by phone?

Maybe you should try to get by with in-game resources? The more the user plays, the more expensive the account becomes for him (at least because of the time spent) and the less he violates the rules for fear of a ban. Make some beginner pen with a hard banhammer and maybe that will solve the problem.

add an inconspicuous flash file to the web page, which will be marked during the ban in the internal storage of the flash - most do not clear it. but here you have to get a little confused with the action script

Well, cookies will help weed out a small percentage of cheaters. Can be combined with IP. Those. just changing the ip or clearing the cookies will not work. It will need to be done at the same time. And you can’t think of anything else, like.

Ban not by the user parameter, but by the parameter of his actions. You come up with a small list of illegal actions. "Describe" == code.

Can try an integrated approach. To the maximum, take into account all the information from the headers + IP range, set a cookie as a flag for it and force new accounts to log in. So the user will create a couple of accounts - there will be statistics. On the third it can be calculated.
But the chances of being wrong are still there.

Set a cookie in the browser, form a hash from USER_AGENT+HTTP_ACCEPT + some other HTTP_ headers.

There are many ready-made libraries yandex.ru/yandsearch?text=detect+mobile&from=fx3&clid=46510&lr=213
Set redirection to a stub from mobile phones.

Track duplicate contacts (they still registered with you), start warning and banning, while not deleting, but simply deactivating. Well, a person registers a dozen or two emails ... and then they get bored.

As an option - authorization through social networks. Through the same VK - now they have registered there via SMS and by invitation (as far as I heard), so registering a new account in your game = registering a new account in social networks.