For a ban, they need something concrete like using the same browser cookies, recovery email address or phone number.
IP isn't enough alone - you could be on shared WiFi.
Also, after account creation, you can log in from the same place without risk, or even use multi-login to log into both accounts at the same time.
Phone and desktop OSs should grow a pair and create a virtualization protocol to randomize tracking info to keep PII anonymous.