You can set up a system where "guests" (First time users), are required to specify an account name and password that they are to use for ongoing access to the database. There are script steps you can put into a script that can take the user specified account name and password and create a limited access account for them. The privilege set your script assigns to this account can limit the user to only records tagged with that account name--keeping them from accessing records for any other customer. This script can be set to "run with full access privileges" in order to create that new account.
For how to set up an account that limits the user to only certain records in a table or tables: See "Editing record access privileges" in FileMaker Help and check out this particular sub section: "Entering a formula for limiting access on a record-by-record basis" for a description of how to set this up.
Thanks! From your response, it sounds like this is a pretty typical thing to do... would you say that's accurate?
Web security is a foreign language to me (I'm just starting to learn).
For certain types of systems, it's very typical. Especially if you need to manage very large numbers of accounts and passwords for your database. You can literally end up with a database to manage access to the database by setting up a table of account names and associated privilege sets (if you need to grant different levels of access to different users) but you usually, as a security precaution would not store the passwords. Instead you'd build in a system that lets the person managing access set up an account to reset the password should the user fail to remember a password and request a new account.