One key fix is to issue user names based on the members email address, that right there takes care of the user/pass list guessing programs.
Take it a step further and randomize the password also.
Something like
[email protected]:s97op3we
is a lot tougher to get than
monitor:speaker