This is not exactly an answer to your question, but it might help you out a little bit.
The FileMaker password strength meter (in fact, nearly any password strength meter) doesn't provide much in the way of useful feedback.
They basically can't account for dictionary based attacks, and often make odd decisions about what to call "strong" (many meters will consider a 25 character password that's all lowercase to be weaker than a 9 character password with a single non-lowercase digit--this is completely false).
Use a high entropy password (which is *mostly* about length), and make sure you're not using a commonly used password (meaning in the top 10 million or so), and you'll be fine.
So, unless you have some kind of organizational reason (e.g. make the boss happy) to get that strength meter to at least "medium", just follow good password rules.
Thanks both. I'll check out the resources you mentioned.