Seth Godin has some good tips for dealing with random-but-usable-by-humans strings and codes. It’s something I spent a bit of time on when building our wedding website: the codes needed to be mildly secure, but easy to enter.
The final solution, which doesn’t seem to have caused any issues, was a random selection of 6 characters from upper-case A–Z, minus “I” and “O”, plus digits 2–9:
When shown to humans, the codes are displayed as two groups of three characters:
But, the codes can be entered with or without the space, and will be accepted whether they’re entered upper-case or not:
So the example above could be entered as “a5d8fu”.
I do disagree with Seth’s last comment about saying “please” in forms though. I don’t think this fools anyone - users know they’re looking at a form and not having a conversation with a human. No need to beg.