Actually, these access codes are retrieved from the doors of my rooms "40" and "35" where I have slept in. "CX90" and "CI15" are the id from the floor where the rooms are located, whereas the last part is set to the last room on the floor "48" or "38". Some of my friends have slept in room 32 and got room code "C15Z32".
As you see, the codes are not very hard to guess and offer no security for the backpackers sleeping in there. As there was no locker available, you just could hope everybody was so friendly not to steal anything while you've been out for a few drinks.
Therefore, if you have access codes in place, they should never be guessable and of course, they should be changed from time to time, so that, in case somebody publishes the codes or gets access to these codes, your company still remains secure.