What about just using 'web of trust', for example with GPG? If the user's key is signed by people that met up with the actual person, it would be much harder to make fake identities.
There was an article from 2019 [0] that someone on HN linked recently about how "web of trust is dead", but it seems to concern scalability problems with the keyserver, which resulted in DoS attacks, which made them disable the feature by default. The concept should presumably still be good, assuming the issues specific to the GPG keyserver can be avoided.
They could do that, but you'd be able to see that nobody/few outside their cluster signed any of their keys.
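The check described in the comment above (does anyone outside a cluster of keys vouch for it, and does a trust path from my own key reach it?) can be made concrete on a small signature graph. The following is an added illustration, not code from any of the commenters or from GnuPG; the key names and signatures are constructed, and the validity rule is a simplified version of GnuPG's default model (one fully trusted signer or three marginally trusted signers, up to depth 5).

```python
"""Trust-graph checks for a PGP-style web of trust (added illustration)."""
from collections import deque

# Constructed sample data: signer -> set of keys that signer has signed.
# Names are placeholders, not real fingerprints. "me" is the verifier's own key.
SIGNATURES = {
    "me":    {"alice", "bob"},
    "alice": {"bob", "carol"},
    "bob":   {"alice", "carol"},
    "carol": {"dave"},
    "dave":  {"carol"},
    # A tightly knit cluster whose keys are signed only by each other.
    "fake1": {"fake2", "fake3"},
    "fake2": {"fake1", "fake3"},
    "fake3": {"fake1", "fake2"},
}

# Constructed owner-trust assignments, as a user would set them in their keyring.
OWNER_TRUST = {"me": "ultimate", "alice": "full", "bob": "marginal", "carol": "marginal"}


def signers_of(signatures):
    """Invert the map: key -> set of keys that signed it."""
    inv = {}
    for signer, signed in signatures.items():
        inv.setdefault(signer, set())
        for key in signed:
            inv.setdefault(key, set()).add(signer)
    return inv


def trust_path_length(signatures, source, target):
    """Hops from source to target following 'X signed Y' edges; None if unreachable."""
    if source == target:
        return 0
    seen = {source}
    queue = deque([(source, 0)])
    while queue:
        node, dist = queue.popleft()
        for nxt in signatures.get(node, ()):
            if nxt == target:
                return dist + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def external_signers(signatures, cluster):
    """Keys outside `cluster` that signed at least one key inside it.
    An empty result is the 'nobody outside their cluster signed them' signal."""
    inv = signers_of(signatures)
    cluster = set(cluster)
    ext = set()
    for key in cluster:
        ext |= inv.get(key, set()) - cluster
    return ext


def valid_keys(signatures, owner_trust, completes_needed=1, marginals_needed=3, max_depth=5):
    """Simplified GnuPG-style validity computation.
    A key becomes valid when signed by at least `completes_needed` valid keys with
    full/ultimate owner trust, or by at least `marginals_needed` valid keys with
    marginal owner trust. Each round extends the chain by one level, so `max_depth`
    rounds bounds the certification depth. Defaults mirror GnuPG's defaults."""
    valid = {k for k, t in owner_trust.items() if t == "ultimate"}
    inv = signers_of(signatures)
    for _ in range(max_depth):
        new = set()
        for key, signers in inv.items():
            if key in valid:
                continue
            trusted = [s for s in signers if s in valid]
            fulls = sum(1 for s in trusted if owner_trust.get(s) in ("ultimate", "full"))
            margs = sum(1 for s in trusted if owner_trust.get(s) == "marginal")
            if fulls >= completes_needed or margs >= marginals_needed:
                new.add(key)
        if not new:
            break
        valid |= new
    return valid


if __name__ == "__main__":
    print("valid from my point of view:", sorted(valid_keys(SIGNATURES, OWNER_TRUST)))
    for cluster in ({"carol", "dave"}, {"fake1", "fake2", "fake3"}):
        print(sorted(cluster), "external signers:", sorted(external_signers(SIGNATURES, cluster)))
    print("hops me -> dave:", trust_path_length(SIGNATURES, "me", "dave"))
    print("hops me -> fake1:", trust_path_length(SIGNATURES, "me", "fake1"))
```

Run as a script it shows the two signals together: the self-signing cluster has no external signers and no trust path from the verifier's key, so none of its keys become valid, while `dave` is reachable but still not valid because a single marginally trusted signer does not meet the threshold.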
Let's say they have fake passports and physically appear at key signing parties. Now you're screwed because even your peers (that you thought knew how to validate identities using passports) will get fooled.