Passcode Generation Guidelines?

Is there any kind of guidelines on passcode generation with regards to UX?

In particular I just ran into a site that used auto-generated codes but the codes it made were impossible to tell if a letter was a D and O or a 0. I i l 1 can also be indistinguishable depending on the type style.

This would seem like it should be a common UX guideline, never generate codes with those characters. Maybe even U V u v should be removed. g q and 9, 6 and G as well. Next to each other sometimes these or more obvious but in a random code it's not always clear.

Do such guidelines exist and are there any other characters that should be avoided? Maybe ! is another one?

Note: this question is not about passwords, it's about passcodes (maybe there is another name). A password is something a user can possible create. A passcode is something a computer creates like emailing you a 6 character code to type in.

For example Apple will popup a 6 digit number, a passcode, on an registered Apple device when you try to log into icloud.com. Apple doesn't have the UX problem above because their passcodes are only digits, no letters.

Conversely some other site had a 10-15 second puzzle to solve, once solved it showed a code

Is that code BB1CA1O8? BB1CA108 ? BB1CA1D8?

Get the code wrong and you have to re-fill out the form and solve the 10-15 second puzzle again