Help Center
Support documentation

Watchword Help Center

Everything you need to run phishing simulations and security-awareness training, score Human Risk, manage clients as an MSP, and send safely — written so you never have to contact support.

Watchword is local-first. The training library and the campaign simulator run entirely in your browser with no account and no network. Signing in adds an optional cloud tier (sync, MSP, evidence publishing). Nothing in the core app depends on the cloud — if the cloud module never loads, everything else still works.

Browse by topic

1 · Getting started

What Watchword is, the first run, the seven tabs, and the sample data you start with.

2 · Phishing campaigns

Build and "launch" a simulation, the template library, the recipient roster, cohorts, and the results dashboard.

3 · Security-awareness training

Courses, lessons and quizzes, certificates, assignments, due dates, and completion tracking.

4 · Risk scoring

Phish-prone %, the per-person Human Risk Score and its bands, department breakdowns, and overdue training.

5 · MSP multi-tenancy

The tenant tree, switching clients with no re-login, the cross-client risk board, white-label reports, and isolation guarantees.

6 · Sending safely

The domain-authorization gate (canSend), DNS-TXT domain proof, live send via the notification service, and what's deferred.

7 · Cloud / Pro sign-in

Signing in, per-tenant cloud sync, entitlements (msp, white_label, and more), and publishing evidence.

8 · Security & privacy

Tenant isolation, no cross-tenant PII, boolean-only captures, domain-auth, and PII-free payloads.

9 · Troubleshooting & FAQ

Sends blocked, domains that won't verify, isolation questions, deliverability, sync and entitlement issues.

10 · Error reference

Every gate reason and on-screen message, what it means, and how to clear it.

11 · How do I…?

A recipe index that jumps straight to the steps for the most common tasks.

What's available now vs. deferred

Watchword is honest about its boundaries. The simulator, training, scoring, MSP console, domain proof, and the live-send gate all work today. A few capabilities are deferred behind a clear boundary and are labelled Deferred throughout these docs.

CapabilityStatusNotes
Training LMS, quizzes, certificatesNow10 micro-courses, fully offline.
Phishing template library + campaign simulatorNow24 templates; results modeled locally — no live email is sent.
Human Risk Score, phish-prone %, analyticsNowBehavioral, aggregated across all campaigns.
MSP tenant tree, cross-client board, white-label reportsNowSwitch clients with no re-login; strict isolation.
Domain-auth gate (canSend) + DNS-TXT domain proofNowThe gate and the real DNS-TXT verification are in place.
Cloud sign-in, per-tenant sync, evidence publishProOpt-in; PII-free payloads only.
Live send runner (watchword-send) + deliverability (SPF/DKIM/DMARC)DeferredThe wiring (notify contract, gate) exists; the dedicated mail runner is wave-next.
Open/click webhooksDeferredThe behavioral model fills results today.
M365 / Google OAuth domain proofDeferredDNS-TXT proof works today; OAuth proof is wave-next.
Next: Getting started →