Here are some steps that CUDefense recommends credit unions and vendors implement to help make Internet banking systems more secure against script attacks. For credit unions: 1.Force the use of complex passwords. They should be at least eight characters and a combination of letters, numbers, upper case and lower and special characters such as ampersands, percent signs and asterisks. 2.Use graphical security code that does such things as bend fonts. CUDefense says this can shut down a password-guessing script. 3.Allow members to change their passwords easily, online and not by calling in. And encourage them to do it often. 4.Require vendors to supply multifactor authentication mechanisms that implement an identifier unique to the member. Smart Cards, biometric readers and token-based authentication systems are examples. These will not only thwart an automated attack, they will render useless any credentials acquired through phishing and pharming attacks, CUDefense says.