This would only require the player to authenticate before they start botting it fixes nothing.
As I understand the bot programs, they need to supply username and password in the program to start botting. This would suggest they need to first authenticate with their account to be able to actually start botting.
So if they are unable to authenticate, they cannot bot.
I guess you are saying, lets say the token has been issued, they could log out and then start the bot process, well the idea is that every logout even which is easily tracked would trash the token.
Now the only concern I woudl have is change character, how does the bot program connect, lets say the user authenticates, selects change character, and starts the bot program, would it be able to pass this check -> yes it might, however, there should be simple solutions to block that too, and that could be something like see if the username and password was supplied again while in the change character view, if it was, then force the user to reauthenticate.