Yes the goal here is to test our processes, tools and policy in advance of the 1.0 official server. We need to know how well these things work before that launches, not after we have 27+ accounts controlled by one person and have to clean it up afterwards.
I like the access code idea, that said we have known way to "Verify" the codes, without the master list which has been lost in the shuffle of the shutdown we have no way to know someone hasn't just printed themselves a new one.