No frameworks, no funding, no team—just vanilla JavaScript and a real problem to solve.
I got locked out of the GST portal during tax season.
Not because I forgot my password. I knew my password. The portal just kept saying "Invalid password format."
No explanation. No hint. Just rejection.
After 30 minutes of trial and error (and missing the filing deadline), I decided to build something so this would never happen again.
Two weekends later: PasswordChecker.in was live.
Two weeks after launch: 1,000+ users.
Here's how I did it—and what I learned about shipping fast.
The Problem (Very Specific, Very Real)
Indian government portals are a mess when it comes to passwords:
- UIDAI (Aadhaar): 8+ characters
- GST Portal: 10+ characters
- Income Tax: 12+ characters
- EPFO: 8-25 characters, expires every 60 days
Each portal has different requirements. No standardization. Unclear error messages.
Result: Millions of Indians get locked out daily, not knowing what they did wrong.
I confirmed this by posting on Reddit: "Anyone else frustrated with GST portal passwords?"
47 replies in 2 hours. All variations of: "YES! It's horrible!"
That's when I knew: This wasn't just my problem. This was EVERYONE's problem.
Weekend 1: Build the MVP
Friday Night (4 hours):
Goal: Basic password strength checker
I started with the simplest possible version:
javascript
// All the code needed for v0.1
function checkPassword(password) {
const checks = {
length: password.length >= 8,
uppercase: /[A-Z]/.test(password),
lowercase: /[a-z]/.test(password),
number: /[0-9]/.test(password),
special: /[!@#$%^&*]/.test(password),
};
return checks;
}
Added a simple HTML form, Tailwind CSS for styling, and real-time feedback.
Saturday (8 hours):
Morning: Government portal requirements
I spent 3 hours researching official password policies for 10+ government portals. Most don't publish this clearly—I had to test each one manually.
Created a requirements database:
javascript
const portals = {
uidai: { minLength: 8, maxLength: 32, requiresSpecial: true },
gstn: { minLength: 10, maxLength: 15, requiresSpecial: true, expiresAfter: 120 },
incomeTax: { minLength: 12, maxLength: 14, requiresSpecial: true },
// ... 7 more portals
};
Afternoon: UI polish
- Added color-coded strength meter
- Checkmark indicators for each requirement
- Portal-specific compliance badges
- Mobile responsive design
Sunday (8 hours):
Goal: Ship it
- Bought domain: passwordchecker.in (₹799)
- Set up hosting on Vercel (free)
- Connected domain
- Created basic About/Privacy pages
- Deployed
Total time:20 hours
Total cost: ₹799 (domain only)
Sunday evening, 6 PM: Clicked "Deploy" and went live.
Weekend 2: Add the Magic Features
The basic checker worked, but users kept asking for more:
"Can you check if my password was leaked?"
"Can you generate a password that works for all portals?"
"Can I test against multiple portals at once?"
Friday Night (3 hours): Integrated Have I Been Pwned API for breach checking:
javascript
async function checkBreach(password) {
const hash = await sha1(password);
const prefix = hash.substring(0, 5);
const response = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`);
const data = await response.text();
// Check if full hash is in breached passwords
return data.includes(hash.substring(5));
}
Key insight: k-Anonymity model means I never send the full password to any server. Only the first 5 characters of its hash. Privacy-safe.
Saturday (6 hours):
Built a password generator with a twist:
Problem: Most generators create gibberish like xK9!mP2@dL4q
Solution: Generate readable passwords like Quick7Tiger$42
javascript
function generateReadable() {
const adj = ['Quick', 'Brave', 'Smart', 'Cool'];
const noun = ['Tiger', 'Eagle', 'Wolf', 'Lion'];
const special = ['@', '#', '$', '%'];
return `${random(adj)}${randomDigit()}${random(noun)}${random(special)}${randomDigit()}${randomDigit()}`;
}
**Result:** Strong passwords that humans can actually remember.
**Sunday (5 hours):**
Multi-portal benchmark feature:
Test ONE password against 10 portals simultaneously. Show exactly which portals accept it and which reject it (with reasons).
This became the **most popular feature**. Users screenshot the results and share on WhatsApp.
---
## Launch Strategy (Reddit + LinkedIn)
**Monday Morning:** Posted on 5 subreddits
Used this template:
> **Title:** I built a free password checker for Indian government portals
>
> **Body:** Got frustrated with GST portal rejecting my password without explanation. Built this tool over the weekend to help others.
>
> Features:
>
> * Real-time strength checking
> * Government portal compliance (UIDAI, GST, Income Tax)
> * Data breach checking (10B+ leaked passwords)
> * Multi-portal compatibility test
>
> 100% privacy-safe - everything runs in your browser.
>
> Link: [passwordchecker.in](http://passwordchecker.in)
>
> Would love feedback!
**Results:**
* **r/india:** 147 upvotes, 52 comments
* **r/IndiaInvestments:** 89 upvotes, 31 comments
* **r/developersindia:** 203 upvotes, 67 comments
* **Total:** 439 upvotes, 150+ comments
**Traffic spike:** 847 visitors on Day 1
**Also posted on LinkedIn:**
> Just shipped my first public side project!
>
> [PasswordChecker.in](http://PasswordChecker.in) - A free tool for checking password strength against Indian government portal requirements.
>
> Built in 2 weekends. No frameworks. Just vanilla JS + Tailwind.
>
> Why? Because I got locked out of GST portal three times and got fed up.
**Results:** 212 likes, 38 comments, 5,000+ impressions
---
## The Growth Loop
**Week 1:** 1,247 visitors (mostly Reddit)
**Week 2:** 2,103 visitors (word of mouth + LinkedIn)
**What drove growth:**
1. **Shareability:** Multi-portal test results are screenshot-worthy
2. **Real problem:** Everyone in India deals with government portals
3. **Free + No registration:** Zero friction to try
4. **Privacy-safe:** Users trust it (nothing sent to server)
**Week 3:** Added email capture
Simple form: "Get alerts about data breaches"
**Conversion:** 8% of visitors (84 subscribers in first week)
**Week 4:** Added blog
Started writing about data breaches affecting Indians:
* "Domino's India Breach: 180M Orders Exposed"
* "MobiKwik Leak: 110M Indian Users Affected"
**SEO strategy:** Target long-tail keywords like "how to check password breach india"
**Result:** Google search traffic started trickling in (50-100 visitors/day)
---
## The Tech Stack (Deliberately Simple)
**No frameworks. No build process. No backend.**
Frontend: Vanilla JavaScript Styling: Tailwind CSS (CDN) Hosting: Vercel (free) Domain: Namecheap (₹799) Analytics: Google Analytics (free) Total cost: ₹799
## Why no React?
1. Speed: React bundle = 130KB+ before I write any code
2. Complexity: Overkill for a single-page tool
3. Performance: Vanilla JS is faster to load and execute
4. Portability: No dependencies to maintain
### **Deployment:**
```javascript
git push origin main
#Vercel auto-deploys in 30 seconds
No webpack. No babel. No build step.
Monetization (The Honest Numbers)
Revenue Timeline:
Month 1: ₹0
- Applied for Google AdSense (pending approval)
- Added affiliate links (no clicks yet)
Month 2: ₹1,247
- AdSense approved
- Added password manager affiliates (Bitwarden, 1Password)
- 3 affiliate conversions
Month 3: ₹4,863
- Increased traffic = more ad revenue
- 12 affiliate conversions
- Added "Buy me a coffee" (₹300 in donations)
Month 4: ₹8,200/month
- AdSense: ₹5,100
- Affiliates: ₹2,800
- Donations: ₹300
Not life-changing money, but:
- Covers hosting + domain + coffee
- Validates that free tools CAN make money
- Growing 30-40% month-over-month
What I Learned
-
Ship Fast, Improve Later
v1.0 was embarrassingly simple:
- Just a password checker
- Basic UI
- No breach checking
- No generator
But it solved the core problem. I could have spent 3 months building the "perfect" tool. Instead, I shipped in 2 weekends and added features based on actual user requests.
Best Features Came From Users:
-
Multi-portal benchmark (user suggestion)
-
Readable password generator (user complaint about gibberish)
-
Government portal list (users asked "what about EPFO?")
-
Solve Your Own Problem
I built this because I personally got locked out of the GST portal. I was the target user.
Benefits:
- I understood the pain deeply
- I knew what features mattered
- I could test it myself instantly
- I was passionate about solving it
Contrast with:
"I should build a productivity app for busy executives."
(I'm not a busy executive. How would I know what they need?)
3. Free Tools Can Make Money
Misconception: "Free = No revenue"
Reality: Free tools can monetize via:
- Ads (AdSense)
- Affiliates (recommend paid tools)
- Donations (voluntary support)
- Premium tier (future plan)
Key: Solve a real problem. Traffic will come. Monetization follows.
4. India-Specific = Less Competition
I could have built a generic password checker. But there are 100+ of those.
By focusing on Indian government portals specifically, I:
- Faced less competition
- Attracted a loyal niche
- Solved a problem others ignored
- Created defensibility
Lesson: Niche down. Own a small pond.
5. Marketing is Uncomfortable (Do It Anyway)
I HATED posting on Reddit. I felt like I was spamming. I hesitated for 2 days. But:
- 850 people found my tool on Day 1 because I posted
- 150+ comments were positive
- Zero "spam" complaints
Lesson: Your brain overestimates rejection. Most people are helpful if you're solving a real problem.
Mistakes I Made
-
Didn't Capture Emails Early Enough
Launched without email capture. Lost 1,000+ potential subscribers in the first 2 weeks.
Fix: Added email form in Week 3. Should have been Day 1.
-
No Analytics Initially
Didn't add Google Analytics until Week 2. Lost data on:
- Which features were most used
- Where traffic came from
- User behavior patterns
Fix: Always add analytics from Day 1, even if it's an ugly MVP.
-
Ignored SEO Initially
Focused only on social media traffic (Reddit, LinkedIn). Didn't think about SEO.
Result: Google traffic took 6 weeks to start.
Fix: Should have written blog posts from Week 1. SEO is slow—start early.
-
Didn't Ask for Testimonials
Had dozens of happy users commenting on Reddit/LinkedIn. Didn't save their comments or ask for testimonials.
Fix: Now, I ask users for feedback and save positive responses for social proof.
What's Next
Short-term (Month 5-6):
- Premium tier (₹99/month)
-
Bulk password checking (CSV upload)
-
API access for developers
-
Ad-free experience
-
Priority support
- Browser extension
-
Auto-fill government portals
-
One-click password generation
-
Auto-detect portal requirements
- Mobile app
- Offline password generation
- Biometric security
- Password storage (local only)
Long-term (Year 1):
B2B offering
- Sell to CA firms, tax consultants
- Bulk license for employees
- White-label option
API for developers
- Password validation as a service
- Government portal requirements database
- Integration with other tools
Goal: ₹50,000/month by Month 12
Should You Build a Weekend Project?
Do it if:
✅ You have a specific problem you personally face
✅ Others likely face the same problem
✅ Current solutions are inadequate
✅ You can build an MVP in 2-3 weekends
✅ You're willing to market it (not just build)
Don't do it if:
❌ You're chasing trends ("AI is hot, I'll build an AI tool")
❌ You don't personally understand the problem
❌ You're not willing to talk about it publicly
❌ You expect instant success (takes months)
The Honest Truth About Building in Public
What people show:
- "Just hit 10K users! 🎉"
- "Launched and got featured on ProductHunt!"
- "$10K MRR in 3 months!"
What they don't show:
- Weeks of zero traffic
- Reddit posts with 2 upvotes
- Features nobody uses
- Revenue that doesn't cover the time invested
My reality:
Month 1:Exciting (launch high)
Month 2:Depressing (traffic dropped)
Month 3:Confusing (some features work, some don't)
Month 4: Encouraging (consistent growth)
Building in public is hard. You face rejection publicly. You fail publicly. You struggle publicly.
But:
- You learn publicly
- You get feedback publicly
- You succeed publicly
Worth it? For me, yes. For you? Depends on your goals.
Key Takeaways
- Ship fast - 2 weekends is enough for MVP
- Solve your own problem - Be your target user
- Vanilla JS is underrated - Don't reach for frameworks by default
- Market aggressively - Build AND promote
- Niche down - India-specific > Generic
- Free can monetize - Ads + affiliates + donations
- Marketing is uncomfortable - Do it anyway
- SEO takes time - Start writing Day 1
- Listen to users - Best features come from feedback
- Building in public is hard - But worth it
Try It Yourself
Live: passwordchecker.in
Built with:
- Vanilla JavaScript
- Tailwind CSS
- Have I Been Pwned API
- Love for solving real problems
**Time invested:**40 hours (2 weekends)
**Revenue:**₹8,200/month (Month 4)
Users: 5,000+ (and growing)
Not bad for a side project that started with frustration at a government portal.
What are you building? Drop a comment—I'd love to hear about your weekend projects!
Connect: Follow my build-in-public journey:
- Twitter: @cgnivargi
- LinkedIn: https://www.linkedin.com/in/cnivargi/