No frameworks, no funding, no team—just vanilla JavaScript and a real problem to solve.

\ I got locked out of the GST portal during tax season.

\ Not because I forgot my password. I knew my password. The portal just kept saying "Invalid password format."

\ No explanation. No hint. Just rejection.

\ After 30 minutes of trial and error (and missing the filing deadline), I decided to build something so this would never happen again.

\ Two weekends later: PasswordChecker.in was live.

\ Two weeks after launch: 1,000+ users.

\ Here's how I did it—and what I learned about shipping fast.

The Problem (Very Specific, Very Real)

Indian government portals are a mess when it comes to passwords:

• UIDAI (Aadhaar): 8+ characters
• GST Portal: 10+ characters
• Income Tax: 12+ characters
• EPFO: 8-25 characters, expires every 60 days

\ Each portal has different requirements. No standardization. Unclear error messages.

\ Result: Millions of Indians get locked out daily, not knowing what they did wrong.

\ I confirmed this by posting on Reddit: "Anyone else frustrated with GST portal passwords?"

\ 47 replies in 2 hours. All variations of: "YES! It's horrible!"

\ That's when I knew: This wasn't just my problem. This was EVERYONE's problem.

Weekend 1: Build the MVP

Friday Night (4 hours):

Goal: Basic password strength checker

\ I started with the simplest possible version:

javascript

// All the code needed for v0.1 function checkPassword(password) { const checks = { length: password.length >= 8, uppercase: /[A-Z]/.test(password), lowercase: /[a-z]/.test(password), number: /[0-9]/.test(password), special: /[!@#$%^&*]/.test(password), }; return checks; }

Added a simple HTML form, Tailwind CSS for styling, and real-time feedback.

\ Saturday (8 hours):

Morning: Government portal requirements

\ I spent 3 hours researching official password policies for 10+ government portals. Most don't publish this clearly—I had to test each one manually.

\ Created a requirements database:

javascript

const portals = { uidai: { minLength: 8, maxLength: 32, requiresSpecial: true }, gstn: { minLength: 10, maxLength: 15, requiresSpecial: true, expiresAfter: 120 }, incomeTax: { minLength: 12, maxLength: 14, requiresSpecial: true }, // ... 7 more portals };

Afternoon: UI polish

• Added color-coded strength meter
• Checkmark indicators for each requirement
• Portal-specific compliance badges
• Mobile responsive design

\ Sunday (8 hours):

Goal: Ship it

• Bought domain: passwordchecker.in (₹799)
• Set up hosting on Vercel (free)
• Connected domain
• Created basic About/Privacy pages
• Deployed

\ Total time: 20 hours \n Total cost: ₹799 (domain only)

Sunday evening, 6 PM: Clicked "Deploy" and went live.

Weekend 2: Add the Magic Features

The basic checker worked, but users kept asking for more:

\ Friday Night (3 hours): Integrated Have I Been Pwned API for breach checking:

javascript

async function checkBreach(password) { const hash = await sha1(password); const prefix = hash.substring(0, 5); const response = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`); const data = await response.text(); // Check if full hash is in breached passwords return data.includes(hash.substring(5)); }

Key insight: k-Anonymity model means I never send the full password to any server. Only the first 5 characters of its hash. Privacy-safe.

\ Saturday (6 hours):

Built a password generator with a twist:

Problem: Most generators create gibberish like xK9!mP2@dL4q \n Solution: Generate readable passwords like Quick7Tiger$42

\ javascript

function generateReadable() { const adj = ['Quick', 'Brave', 'Smart', 'Cool']; const noun = ['Tiger', 'Eagle', 'Wolf', 'Lion']; const special = ['@', '#', '$', '%']; return `${random(adj)}${randomDigit()}${random(noun)}${random(special)}${randomDigit()}${randomDigit()}`; }

**Result:** Strong passwords that humans can actually remember. **Sunday (5 hours):** Multi-portal benchmark feature: Test ONE password against 10 portals simultaneously. Show exactly which portals accept it and which reject it (with reasons). This became the **most popular feature**. Users screenshot the results and share on WhatsApp. --- ## Launch Strategy (Reddit + LinkedIn) **Monday Morning:** Posted on 5 subreddits Used this template: > **Title:** I built a free password checker for Indian government portals > > **Body:** Got frustrated with GST portal rejecting my password without explanation. Built this tool over the weekend to help others. > > Features: > > * Real-time strength checking > * Government portal compliance (UIDAI, GST, Income Tax) > * Data breach checking (10B+ leaked passwords) > * Multi-portal compatibility test > > 100% privacy-safe - everything runs in your browser. > > Link: [passwordchecker.in](http://passwordchecker.in) > > Would love feedback! **Results:** * **r/india:** 147 upvotes, 52 comments * **r/IndiaInvestments:** 89 upvotes, 31 comments * **r/developersindia:** 203 upvotes, 67 comments * **Total:** 439 upvotes, 150+ comments **Traffic spike:** 847 visitors on Day 1 **Also posted on LinkedIn:** > Just shipped my first public side project! > > [PasswordChecker.in](http://PasswordChecker.in) - A free tool for checking password strength against Indian government portal requirements. > > Built in 2 weekends. No frameworks. Just vanilla JS + Tailwind. > > Why? Because I got locked out of GST portal three times and got fed up. **Results:** 212 likes, 38 comments, 5,000+ impressions --- ## The Growth Loop **Week 1:** 1,247 visitors (mostly Reddit) **Week 2:** 2,103 visitors (word of mouth + LinkedIn) **What drove growth:** 1. **Shareability:** Multi-portal test results are screenshot-worthy 2. **Real problem:** Everyone in India deals with government portals 3. **Free + No registration:** Zero friction to try 4. **Privacy-safe:** Users trust it (nothing sent to server) **Week 3:** Added email capture Simple form: "Get alerts about data breaches" **Conversion:** 8% of visitors (84 subscribers in first week) **Week 4:** Added blog Started writing about data breaches affecting Indians: * "Domino's India Breach: 180M Orders Exposed" * "MobiKwik Leak: 110M Indian Users Affected" **SEO strategy:** Target long-tail keywords like "how to check password breach india" **Result:** Google search traffic started trickling in (50-100 visitors/day) --- ## The Tech Stack (Deliberately Simple) **No frameworks. No build process. No backend.**

Frontend: Vanilla JavaScript Styling: Tailwind CSS (CDN) Hosting: Vercel (free) Domain: Namecheap (₹799) Analytics: Google Analytics (free) Total cost: ₹799

## Why no React? 1. Speed: React bundle = 130KB+ before I write any code 2. Complexity: Overkill for a single-page tool 3. Performance: Vanilla JS is faster to load and execute 4. Portability: No dependencies to maintain ### **Deployment:**

javascript git push origin main

Vercel auto-deploys in 30 seconds

```

No webpack. No babel. No build step.

Monetization (The Honest Numbers)

Revenue Timeline:

Month 1: ₹0

• Applied for Google AdSense (pending approval)
• Added affiliate links (no clicks yet)

Month 2: ₹1,247

• AdSense approved
• Added password manager affiliates (Bitwarden, 1Password)
• 3 affiliate conversions

Month 3: ₹4,863

• Increased traffic = more ad revenue
• 12 affiliate conversions
• Added "Buy me a coffee" (₹300 in donations)

Month 4: ₹8,200/month

• AdSense: ₹5,100
• Affiliates: ₹2,800
• Donations: ₹300

Not life-changing money, but:

• Covers hosting + domain + coffee
• Validates that free tools CAN make money
• Growing 30-40% month-over-month

What I Learned

1. Ship Fast, Improve Later

   v1.0 was embarrassingly simple:

• Just a password checker
• Basic UI
• No breach checking
• No generator

\ But it solved the core problem. I could have spent 3 months building the "perfect" tool. Instead, I shipped in 2 weekends and added features based on actual user requests.

Best Features Came From Users:

• Multi-portal benchmark (user suggestion)

• Readable password generator (user complaint about gibberish)

• Government portal list (users asked "what about EPFO?")

  \

1. Solve Your Own Problem

   I built this because I personally got locked out of the GST portal. I was the target user.

   Benefits:

• I understood the pain deeply
• I knew what features mattered
• I could test it myself instantly
• I was passionate about solving it

\ Contrast with:

"I should build a productivity app for busy executives."

\ (I'm not a busy executive. How would I know what they need?)

3. Free Tools Can Make Money

Misconception: "Free = No revenue"

\ Reality: Free tools can monetize via:

• Ads (AdSense)
• Affiliates (recommend paid tools)
• Donations (voluntary support)
• Premium tier (future plan)

\ Key: Solve a real problem. Traffic will come. Monetization follows.

4. India-Specific = Less Competition

I could have built a generic password checker. But there are 100+ of those.

\ By focusing on Indian government portals specifically, I:

• Faced less competition
• Attracted a loyal niche
• Solved a problem others ignored
• Created defensibility

\ Lesson: Niche down. Own a small pond.

5. Marketing is Uncomfortable (Do It Anyway)

I HATED posting on Reddit. I felt like I was spamming. I hesitated for 2 days. But:

• 850 people found my tool on Day 1 because I posted
• 150+ comments were positive
• Zero "spam" complaints

\ Lesson: Your brain overestimates rejection. Most people are helpful if you're solving a real problem.

Mistakes I Made

1. Didn't Capture Emails Early Enough

   Launched without email capture. Lost 1,000+ potential subscribers in the first 2 weeks.

   Fix: Added email form in Week 3. Should have been Day 1.

   \

2. No Analytics Initially

   Didn't add Google Analytics until Week 2. Lost data on:

• Which features were most used
• Where traffic came from
• User behavior patterns

Fix: Always add analytics from Day 1, even if it's an ugly MVP.

\

1. Ignored SEO Initially

   Focused only on social media traffic (Reddit, LinkedIn). Didn't think about SEO.

   Result: Google traffic took 6 weeks to start.

   Fix: Should have written blog posts from Week 1. SEO is slow—start early.

   \

2. Didn't Ask for Testimonials

   Had dozens of happy users commenting on Reddit/LinkedIn. Didn't save their comments or ask for testimonials.

   Fix: Now, I ask users for feedback and save positive responses for social proof.

What's Next

Short-term (Month 5-6):

1. Premium tier (₹99/month)

• Bulk password checking (CSV upload)

• API access for developers

• Ad-free experience

• Priority support

  \

1. Browser extension

• Auto-fill government portals

• One-click password generation

• Auto-detect portal requirements

  \

1. Mobile app

• Offline password generation
• Biometric security
• Password storage (local only)

Long-term (Year 1):

B2B offering

• Sell to CA firms, tax consultants
• Bulk license for employees
• White-label option

API for developers

• Password validation as a service
• Government portal requirements database
• Integration with other tools

\ Goal: ₹50,000/month by Month 12

Should You Build a Weekend Project?

Do it if:

✅ You have a specific problem you personally face \n ✅ Others likely face the same problem \n ✅ Current solutions are inadequate \n ✅ You can build an MVP in 2-3 weekends \n ✅ You're willing to market it (not just build)

Don't do it if:

❌ You're chasing trends ("AI is hot, I'll build an AI tool") \n ❌ You don't personally understand the problem \n ❌ You're not willing to talk about it publicly \n ❌ You expect instant success (takes months)

The Honest Truth About Building in Public

What people show:

• "Just hit 10K users! 🎉"
• "Launched and got featured on ProductHunt!"
• "$10K MRR in 3 months!"

\ What they don't show:

• Weeks of zero traffic
• Reddit posts with 2 upvotes
• Features nobody uses
• Revenue that doesn't cover the time invested

\ My reality:

Month 1: Exciting (launch high) \n Month 2: Depressing (traffic dropped) \n Month 3: Confusing (some features work, some don't) \n Month 4: Encouraging (consistent growth)

\ \ Building in public is hard. You face rejection publicly. You fail publicly. You struggle publicly.

\ But:

• You learn publicly
• You get feedback publicly
• You succeed publicly

\ Worth it? For me, yes. For you? Depends on your goals.

Key Takeaways

1. Ship fast - 2 weekends is enough for MVP
2. Solve your own problem - Be your target user
3. Vanilla JS is underrated - Don't reach for frameworks by default
4. Market aggressively - Build AND promote
5. Niche down - India-specific > Generic
6. Free can monetize - Ads + affiliates + donations
7. Marketing is uncomfortable - Do it anyway
8. SEO takes time - Start writing Day 1
9. Listen to users - Best features come from feedback
10. Building in public is hard - But worth it

Try It Yourself

Live: passwordchecker.in

Built with:

• Vanilla JavaScript
• Tailwind CSS
• Have I Been Pwned API
• Love for solving real problems

\ Time invested:40 hours (2 weekends) \n Revenue:₹8,200/month (Month 4) \n Users: 5,000+ (and growing)

\ Not bad for a side project that started with frustration at a government portal.

\ What are you building? Drop a comment—I'd love to hear about your weekend projects!

Connect: Follow my build-in-public journey:

• Twitter: @cgnivargi
• LinkedIn: https://www.linkedin.com/in/cnivargi/

\