Captcha and a careful registration.
The Mars login uses a text captcha with decoy fields.
Six characters of text with decoy input fields whose names rotate every page load. Bots fill the wrong field and trip. Type into the visible real field, and cross-check the header address before your password.
Pick a username you have never used elsewhere, generate a unique password in a local manager, and store the recovery phrase on paper. No genuine login ever asks for the recovery phrase.