An access code, or two factor authentication code (2FA) is sent as a security measure. It checks that you, the user, have access to the email address you are using to sign into the system with.
On the login screen, you enter email and password to login. If these are correct, a 2FA code is sent to your email address. You check your inbox, find the 6-digit code and enter this into the box on the login screen.
The code will expire after 60 minutes. If this happens, just start the process again and a new code will be sent out.
Your organisation will define how frequently you must complete a 2FA challenge. The default is once every 3 days.
Access codes for patients
A patient does not login to the system in a conventional way with email and password. They use a validation gate to enter some known information, such as date of birth or surname to prove their identity.
If the patient enters their information wrong five times in a row, the gate is locked. A 2FA access code will be sent to their email address to allow them to unlock the validation gate and try again.