Just use script and don't even worry about collisions. Here are two methods:
The first method just generates a random 8 character "password" while the second method generates a ob32 encoded string based on the current time. FWIW, ob32 encoding is the encoding used to generate dbid's.
I seriously doubt you will have to worry about two people having the same code or that someone would attempt to discover the ob32 string by regenerating it through code based on the timestamp.