ZSentry Login
And 1-Click Access™

Simple and secure ZSentry login prevents fraud with Zmail.

Why Z?
Because it's 'EZ' to use and forms a Z with four sentries that protect your data (Authorization, Spoof Prevention, Authentication, and Access Control):

ZSentry Login

The ZSentry Login looks like the familiar username and password login, but uses two-factor authentication and is further enhanced by splitting the process in two screens.

You do not have to give your password unless you have a first proof (the Return Code) that the website you reached is the legitimate site allowed to process it. Your user login and keys are also safe: there is no user key, usercode or password file stored anywhere.

Two-Factor Authentication, Spoof Prevention and More
From the server side, the success of your ZSentry Login is verfied by two factor-authentication:

  1. something you chose (your Password)
  2. something you received (your Usercode, which is unpredictable)

These two factors are only known by you -- there is no copy in the server or elsewhere, not even encrypted. This means that no one can get them by attacking the servers or asking us. Because the Usercode is unpredictable, even if you choose a weak Password, your authentication credentials (Usercode and Password) are hard to guess together. Nonetheless, for your security, please choose a Password that is both memorable by you and hard to guess.

However, before you are asked to give your Password to the server, you can authenticate the server — allowing you to verify whether the server is trusted to process your Password. This is done visually by you, without an intermediary,using your Return Code (received by you when you registered). Your Return Code is only known by you -- there is no copy in the server or elsewhere, not even encrypted. If the server does not reply to your server authentication request with your correct Return Code, which is a first proof that the server is legitimate, you should not continue the login — you should not enter your Password. This prevents spoofing, when a server masquerades as legitimate.

An additional second authentication channel can be used if you need (available for Premium accounts, by request). After you succesfully enter your Usercode and Password, the server can send to your registered cell phone a one-time, unpredictable code by SMS (text message). You have a couple of minutes to enter that code in a third screen, proving further proof to the system that you are the authorized user. Because the one-time code changes for every request and can only be used at the screen where it was requested, your security is not compromised even if your cell phone communication is intercepted. If you are interested in this option, please request our contact using the Support Center page.

Allow 1-Click Access™
Select this option during login to automate access control to your Zmail account.

1-Click Access™ Instructions:
1. Bookmark the page
2. For your next login, just click the bookmark and the Zmail Login link (will open a new window), OR
3. Click READ on a Zmail that you receive.

What's 1-Click Access™? It means 1-Click Access™ to read Zmail or login after you login once, until you close your browser or your access time expires. Zmail, if authorized by you in your cookie preferences, stores a cookie (a small data file) in your machine memory, with encrypted, unpredictable login credentials for that browser session. These credentials allow secure, 1-Click Access™ to your Zmail account while the browser is open.

1-Click Access™ Security
The 1-Click Access™ cookie expires and is deleted when you close your browser, protecting your account if someone later on uses your browser. The cookie also has a "time to live" and is expired by Zmail after that time, further protecting your account if you forget to close your browser. The 1-Click Access™ cookie has no personal identity information. 1-Click Access™ does not require JavaScript to be used.

HELP & CUSTOMER SUPPORT: Go to the Support Center link at any page for help and support requests.

The contents of this entire site and domains are © Copyright, NMA Inc., 2003-9. All rights reserved, worldwide. Titles and product names are trademarks of NMA, Inc., including NMA, ZSentry, Return Code and Zmail. Patent pending.