The "letter-number-symbol" verifiers are the bane of my existence.
I have a really simple rule: "You may choose whatever password you wish. If your password is compromised, you will be denied further access to this system. If your job requires access to this system, you will be terminated."
Maybe that's too severe, but if the user needs a little color-coded bar-graph to tell them how good their password is, that would suggest that (1) they don't understand what a password is actually protecting or is for, and (2) the incentives aren't correctly aligned. Personally I think employees should be assigned passwords to company servers. If they have trouble remembering it, print it on a key fob or something; it'd be better than them doing what they obviously are going to do: "$username.2015". If a company's password policy is known, a reasonably clever script kiddie can generate a list of 10 probable passwords per account that would probably crack a few percent of them.
And of course the execs are the worst offenders, because their incentives are completely misaligned. It transpired after the Sony hack that the co-chairman of the motion picture group, Michael Lynton, used "sonyml3" as his email password.
How do they actually work? Do they do any kind of entropy calculation, or check the data against known rainbow tables? Or do they just apply rules?
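The "$username.2015" point above, as an added example that is not part of the original comments: a rules-only "letter-number-symbol" verifier accepts a password built entirely from account details plus a year, while a context-aware check rejects it. The function names, the sample account tokens and the 6-character residual threshold are assumptions made for this illustration.

```python
import re

def passes_composition_rules(password, min_len=8):
    """Rules-only verifier: minimum length plus one letter, digit and symbol."""
    return (len(password) >= min_len
            and re.search(r"[A-Za-z]", password) is not None
            and re.search(r"\d", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)

def residual_after_context(password, context_tokens):
    """Remove everything an outsider could derive from the account itself.

    Strips account/company tokens (longest first), four-digit years and
    separators, and returns the letters and digits that remain. Counting
    only letters and digits is a deliberately conservative simplification.
    """
    rest = password.lower()
    tokens = sorted({t.lower() for t in context_tokens if len(t) >= 3},
                    key=len, reverse=True)
    for tok in tokens:
        rest = rest.replace(tok, "")
    rest = re.sub(r"(19|20)\d{2}", "", rest)   # years such as 2015
    rest = re.sub(r"[\W_]+", "", rest)         # dots, dashes, symbols
    return rest

def is_context_derived(password, context_tokens, min_residual=6):
    """True when too little remains once the predictable parts are gone."""
    return len(residual_after_context(password, context_tokens)) < min_residual

def audit(password, context_tokens):
    """Compare the two verdicts for one candidate password."""
    return {
        "composition_ok": passes_composition_rules(password),
        "context_derived": is_context_derived(password, context_tokens),
    }

if __name__ == "__main__":
    # Constructed sample account; not taken from any real system.
    tokens = ["jsmith", "John", "Smith", "Acme"]
    for candidate in ["jsmith.2015", "Acme2015!", "vT9#qLm2$Xe!"]:
        print(candidate, audit(candidate, tokens))
```

The first two candidates satisfy the composition rules yet leave nothing once the username, company name and year are stripped, which is the gap a rules-only meter cannot see.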