If we truly need age gates on the internet, then I think the best method is to have non-internet based age verification. I envisage going to a local shop and buying something like a gift-card that the shops only sell to adults (c.f. tobacco sales in the UK). That way, the gift-card code would be the only information required to upload to websites to prove that you're an adult and existing legislation could cover the shops requirements to not sell them to minors.
I don't see why they'd need to expire after a time, but I think the purchaser should be able to revoke the code if they lose it if they particularly care. A least with it being a simple age verification system, there shouldn't be any worry about someone stealing your code as it shouldn't be linked to any accounts.
I don't see too much of an issue with resales - it's like if an adult buys booze for someone underage which can't really be prevented.
My issue with having them expire is that people would have around 70 years of proving their age whilst minors only need to be prevented from accessing websites for up to 18 years (more likely just 10 years or so).
