No frameworks, no funding, no team—just vanilla JavaScript and a real problem to solve. I got locked out of the GST portal during tax season. Not because I forgot my password. I knew my password. The portal just kept saying "Invalid password format." knew No explanation. No hint. Just rejection. After 30 minutes of trial and error (and missing the filing deadline), I decided to build something so this would never happen again. Two weekends later: PasswordChecker.in was live. Two weekends later: PasswordChecker.in Two weeks after launch: 1,000+ users. Two weeks after launch: Here's how I did it—and what I learned about shipping fast. The Problem (Very Specific, Very Real) Indian government portals are a mess when it comes to passwords: UIDAI (Aadhaar): 8+ characters GST Portal: 10+ characters Income Tax: 12+ characters EPFO: 8-25 characters, expires every 60 days UIDAI (Aadhaar): 8+ characters UIDAI (Aadhaar): GST Portal: 10+ characters GST Portal: Income Tax: 12+ characters Income Tax: EPFO: 8-25 characters, expires every 60 days EPFO: Each portal has different requirements. No standardization. Unclear error messages. Result: Millions of Indians get locked out daily, not knowing what they did wrong. Result: I confirmed this by posting on Reddit: "Anyone else frustrated with GST portal passwords?" 47 replies in 2 hours. All variations of: "YES! It's horrible!" 47 replies in 2 hours. That's when I knew: This wasn't just my problem. This was EVERYONE's problem. That's when I knew: Weekend 1: Build the MVP Friday Night (4 hours): Friday Night (4 hours): Goal: Basic password strength checker Goal: I started with the simplest possible version: javascript // All the code needed for v0.1 function checkPassword(password) { const checks = { length: password.length >= 8, uppercase: /[A-Z]/.test(password), lowercase: /[a-z]/.test(password), number: /[0-9]/.test(password), special: /[!@#$%^&*]/.test(password), }; return checks; } // All the code needed for v0.1 function checkPassword(password) { const checks = { length: password.length >= 8, uppercase: /[A-Z]/.test(password), lowercase: /[a-z]/.test(password), number: /[0-9]/.test(password), special: /[!@#$%^&*]/.test(password), }; return checks; } Added a simple HTML form, Tailwind CSS for styling, and real-time feedback. Saturday (8 hours): Saturday (8 hours): Morning: Government portal requirements Morning: I spent 3 hours researching official password policies for 10+ government portals. Most don't publish this clearly—I had to test each one manually. Created a requirements database: javascript const portals = { uidai: { minLength: 8, maxLength: 32, requiresSpecial: true }, gstn: { minLength: 10, maxLength: 15, requiresSpecial: true, expiresAfter: 120 }, incomeTax: { minLength: 12, maxLength: 14, requiresSpecial: true }, // ... 7 more portals }; const portals = { uidai: { minLength: 8, maxLength: 32, requiresSpecial: true }, gstn: { minLength: 10, maxLength: 15, requiresSpecial: true, expiresAfter: 120 }, incomeTax: { minLength: 12, maxLength: 14, requiresSpecial: true }, // ... 7 more portals }; Afternoon: UI polish Afternoon: Added color-coded strength meter Checkmark indicators for each requirement Portal-specific compliance badges Mobile responsive design Added color-coded strength meter Checkmark indicators for each requirement Portal-specific compliance badges Mobile responsive design Sunday (8 hours): Sunday (8 hours): Goal: Ship it Goal: Bought domain: passwordchecker.in (₹799) Set up hosting on Vercel (free) Connected domain Created basic About/Privacy pages Deployed Bought domain: passwordchecker.in (₹799) Set up hosting on Vercel (free) Connected domain Created basic About/Privacy pages Deployed Total time:20 hoursTotal cost: ₹799 (domain only) Total time: Total cost: Sunday evening, 6 PM: Clicked "Deploy" and went live. Sunday evening, 6 PM: Weekend 2: Add the Magic Features The basic checker worked, but users kept asking for more: "Can you check if my password was leaked?""Can you generate a password that works for all portals?""Can I test against multiple portals at once?" "Can you check if my password was leaked?""Can you generate a password that works for all portals?""Can I test against multiple portals at once?" Friday Night (3 hours): Integrated Have I Been Pwned API for breach checking: Friday Night (3 hours): javascript async function checkBreach(password) { const hash = await sha1(password); const prefix = hash.substring(0, 5); const response = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`); const data = await response.text(); // Check if full hash is in breached passwords return data.includes(hash.substring(5)); } async function checkBreach(password) { const hash = await sha1(password); const prefix = hash.substring(0, 5); const response = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`); const data = await response.text(); // Check if full hash is in breached passwords return data.includes(hash.substring(5)); } Key insight: k-Anonymity model means I never send the full password to any server. Only the first 5 characters of its hash. Privacy-safe. Key insight: Saturday (6 hours): Saturday (6 hours): Built a password generator with a twist: Problem: Most generators create gibberish like xK9!mP2@dL4qSolution: Generate readable passwords like Quick7Tiger$42 Problem: xK9!mP2@dL4q Solution: readable Quick7Tiger$42 javascript function generateReadable() { const adj = ['Quick', 'Brave', 'Smart', 'Cool']; const noun = ['Tiger', 'Eagle', 'Wolf', 'Lion']; const special = ['@', '#', '$', '%']; return `${random(adj)}${randomDigit()}${random(noun)}${random(special)}${randomDigit()}${randomDigit()}`; } function generateReadable() { const adj = ['Quick', 'Brave', 'Smart', 'Cool']; const noun = ['Tiger', 'Eagle', 'Wolf', 'Lion']; const special = ['@', '#', '$', '%']; return `${random(adj)}${randomDigit()}${random(noun)}${random(special)}${randomDigit()}${randomDigit()}`; } **Result:** Strong passwords that humans can actually remember. **Sunday (5 hours):** Multi-portal benchmark feature: Test ONE password against 10 portals simultaneously. Show exactly which portals accept it and which reject it (with reasons). This became the **most popular feature**. Users screenshot the results and share on WhatsApp. --- ## Launch Strategy (Reddit + LinkedIn) **Monday Morning:** Posted on 5 subreddits Used this template: > **Title:** I built a free password checker for Indian government portals > > **Body:** Got frustrated with GST portal rejecting my password without explanation. Built this tool over the weekend to help others. > > Features: > > * Real-time strength checking > * Government portal compliance (UIDAI, GST, Income Tax) > * Data breach checking (10B+ leaked passwords) > * Multi-portal compatibility test > > 100% privacy-safe - everything runs in your browser. > > Link: [passwordchecker.in](http://passwordchecker.in) > > Would love feedback! **Results:** * **r/india:** 147 upvotes, 52 comments * **r/IndiaInvestments:** 89 upvotes, 31 comments * **r/developersindia:** 203 upvotes, 67 comments * **Total:** 439 upvotes, 150+ comments **Traffic spike:** 847 visitors on Day 1 **Also posted on LinkedIn:** > Just shipped my first public side project! > > [PasswordChecker.in](http://PasswordChecker.in) - A free tool for checking password strength against Indian government portal requirements. > > Built in 2 weekends. No frameworks. Just vanilla JS + Tailwind. > > Why? Because I got locked out of GST portal three times and got fed up. **Results:** 212 likes, 38 comments, 5,000+ impressions --- ## The Growth Loop **Week 1:** 1,247 visitors (mostly Reddit) **Week 2:** 2,103 visitors (word of mouth + LinkedIn) **What drove growth:** 1. **Shareability:** Multi-portal test results are screenshot-worthy 2. **Real problem:** Everyone in India deals with government portals 3. **Free + No registration:** Zero friction to try 4. **Privacy-safe:** Users trust it (nothing sent to server) **Week 3:** Added email capture Simple form: "Get alerts about data breaches" **Conversion:** 8% of visitors (84 subscribers in first week) **Week 4:** Added blog Started writing about data breaches affecting Indians: * "Domino's India Breach: 180M Orders Exposed" * "MobiKwik Leak: 110M Indian Users Affected" **SEO strategy:** Target long-tail keywords like "how to check password breach india" **Result:** Google search traffic started trickling in (50-100 visitors/day) --- ## The Tech Stack (Deliberately Simple) **No frameworks. No build process. No backend.** **Result:** Strong passwords that humans can actually remember. **Sunday (5 hours):** Multi-portal benchmark feature: Test ONE password against 10 portals simultaneously. Show exactly which portals accept it and which reject it (with reasons). This became the **most popular feature**. Users screenshot the results and share on WhatsApp. --- ## Launch Strategy (Reddit + LinkedIn) **Monday Morning:** Posted on 5 subreddits Used this template: > **Title:** I built a free password checker for Indian government portals > > **Body:** Got frustrated with GST portal rejecting my password without explanation. Built this tool over the weekend to help others. > > Features: > > * Real-time strength checking > * Government portal compliance (UIDAI, GST, Income Tax) > * Data breach checking (10B+ leaked passwords) > * Multi-portal compatibility test > > 100% privacy-safe - everything runs in your browser. > > Link: [passwordchecker.in](http://passwordchecker.in) > > Would love feedback! **Results:** * **r/india:** 147 upvotes, 52 comments * **r/IndiaInvestments:** 89 upvotes, 31 comments * **r/developersindia:** 203 upvotes, 67 comments * **Total:** 439 upvotes, 150+ comments **Traffic spike:** 847 visitors on Day 1 **Also posted on LinkedIn:** > Just shipped my first public side project! > > [PasswordChecker.in](http://PasswordChecker.in) - A free tool for checking password strength against Indian government portal requirements. > > Built in 2 weekends. No frameworks. Just vanilla JS + Tailwind. > > Why? Because I got locked out of GST portal three times and got fed up. **Results:** 212 likes, 38 comments, 5,000+ impressions --- ## The Growth Loop **Week 1:** 1,247 visitors (mostly Reddit) **Week 2:** 2,103 visitors (word of mouth + LinkedIn) **What drove growth:** 1. **Shareability:** Multi-portal test results are screenshot-worthy 2. **Real problem:** Everyone in India deals with government portals 3. **Free + No registration:** Zero friction to try 4. **Privacy-safe:** Users trust it (nothing sent to server) **Week 3:** Added email capture Simple form: "Get alerts about data breaches" **Conversion:** 8% of visitors (84 subscribers in first week) **Week 4:** Added blog Started writing about data breaches affecting Indians: * "Domino's India Breach: 180M Orders Exposed" * "MobiKwik Leak: 110M Indian Users Affected" **SEO strategy:** Target long-tail keywords like "how to check password breach india" **Result:** Google search traffic started trickling in (50-100 visitors/day) --- ## The Tech Stack (Deliberately Simple) **No frameworks. No build process. No backend.** Frontend: Vanilla JavaScript Styling: Tailwind CSS (CDN) Hosting: Vercel (free) Domain: Namecheap (₹799) Analytics: Google Analytics (free) Total cost: ₹799 ## Why no React? 1. Speed: React bundle = 130KB+ before I write any code 2. Complexity: Overkill for a single-page tool 3. Performance: Vanilla JS is faster to load and execute 4. Portability: No dependencies to maintain ### **Deployment:** ```javascript git push origin main #Vercel auto-deploys in 30 seconds ## Why no React? 1. Speed: React bundle = 130KB+ before I write any code 2. Complexity: Overkill for a single-page tool 3. Performance: Vanilla JS is faster to load and execute 4. Portability: No dependencies to maintain ### **Deployment:** ```javascript git push origin main #Vercel auto-deploys in 30 seconds No webpack. No babel. No build step. Monetization (The Honest Numbers) Revenue Timeline: Month 1: ₹0 Applied for Google AdSense (pending approval) Added affiliate links (no clicks yet) Applied for Google AdSense (pending approval) Added affiliate links (no clicks yet) Month 2: ₹1,247 AdSense approved Added password manager affiliates (Bitwarden, 1Password) 3 affiliate conversions AdSense approved Added password manager affiliates (Bitwarden, 1Password) 3 affiliate conversions Month 3: ₹4,863 Increased traffic = more ad revenue 12 affiliate conversions Added "Buy me a coffee" (₹300 in donations) Increased traffic = more ad revenue 12 affiliate conversions Added "Buy me a coffee" (₹300 in donations) Month 4: ₹8,200/month AdSense: ₹5,100 Affiliates: ₹2,800 Donations: ₹300 AdSense: ₹5,100 Affiliates: ₹2,800 Donations: ₹300 Not life-changing money, but: Covers hosting + domain + coffee Validates that free tools CAN make money Growing 30-40% month-over-month Covers hosting + domain + coffee Validates that free tools CAN make money Growing 30-40% month-over-month What I Learned Ship Fast, Improve Later v1.0 was embarrassingly simple: Ship Fast, Improve Later v1.0 was embarrassingly simple: Ship Fast, Improve Later Ship Fast, Improve Later v1.0 was embarrassingly simple: Just a password checker Basic UI No breach checking No generator Just a password checker Basic UI No breach checking No generator But it solved the core problem. I could have spent 3 months building the "perfect" tool. Instead, I shipped in 2 weekends and added features based on actual user requests. But it solved the core problem Best Features Came From Users: Multi-portal benchmark (user suggestion) Readable password generator (user complaint about gibberish) Government portal list (users asked "what about EPFO?") Multi-portal benchmark (user suggestion) Multi-portal benchmark (user suggestion) Readable password generator (user complaint about gibberish) Readable password generator (user complaint about gibberish) Government portal list (users asked "what about EPFO?") Government portal list (users asked "what about EPFO?") Solve Your Own Problem I built this because I personally got locked out of the GST portal. I was the target user. Benefits: Solve Your Own Problem I built this because I personally got locked out of the GST portal. I was the target user. Benefits: Solve Your Own Problem Solve Your Own Problem I built this because I personally got locked out of the GST portal. I was the target user. Benefits: I understood the pain deeply I knew what features mattered I could test it myself instantly I was passionate about solving it I understood the pain deeply I knew what features mattered I could test it myself instantly I was passionate about solving it Contrast with: Contrast with: "I should build a productivity app for busy executives." (I'm not a busy executive. How would I know what they need?) 3. Free Tools Can Make Money Misconception: "Free = No revenue" Reality: Free tools can monetize via: Ads (AdSense) Affiliates (recommend paid tools) Donations (voluntary support) Premium tier (future plan) Ads (AdSense) Affiliates (recommend paid tools) Donations (voluntary support) Premium tier (future plan) Key: Solve a real problem. Traffic will come. Monetization follows. 4. India-Specific = Less Competition I could have built a generic password checker. But there are 100+ of those. By focusing on Indian government portals specifically, I: Faced less competition Attracted a loyal niche Solved a problem others ignored Created defensibility Faced less competition Attracted a loyal niche Solved a problem others ignored Created defensibility Lesson: Niche down. Own a small pond. Lesson 5. Marketing is Uncomfortable (Do It Anyway) I HATED posting on Reddit. I felt like I was spamming. I hesitated for 2 days. But: 850 people found my tool on Day 1 because I posted 150+ comments were positive Zero "spam" complaints 850 people found my tool on Day 1 because I posted 150+ comments were positive Zero "spam" complaints Lesson: Your brain overestimates rejection. Most people are helpful if you're solving a real problem. Lesson Mistakes I Made Didn't Capture Emails Early Enough Launched without email capture. Lost 1,000+ potential subscribers in the first 2 weeks. Fix: Added email form in Week 3. Should have been Day 1. No Analytics Initially Didn't add Google Analytics until Week 2. Lost data on: Didn't Capture Emails Early Enough Launched without email capture. Lost 1,000+ potential subscribers in the first 2 weeks. Fix: Added email form in Week 3. Should have been Day 1. Didn't Capture Emails Early Enough Launched without email capture. Lost 1,000+ potential subscribers in the first 2 weeks. Fix: Added email form in Week 3. Should have been Day 1. No Analytics Initially Didn't add Google Analytics until Week 2. Lost data on: No Analytics Initially Didn't add Google Analytics until Week 2. Lost data on: Which features were most used Where traffic came from User behavior patterns Which features were most used Where traffic came from User behavior patterns Fix: Always add analytics from Day 1, even if it's an ugly MVP. Fix Ignored SEO Initially Focused only on social media traffic (Reddit, LinkedIn). Didn't think about SEO. Result: Google traffic took 6 weeks to start. Fix: Should have written blog posts from Week 1. SEO is slow—start early. Didn't Ask for Testimonials Had dozens of happy users commenting on Reddit/LinkedIn. Didn't save their comments or ask for testimonials. Fix: Now, I ask users for feedback and save positive responses for social proof. Ignored SEO Initially Focused only on social media traffic (Reddit, LinkedIn). Didn't think about SEO. Result: Google traffic took 6 weeks to start. Fix: Should have written blog posts from Week 1. SEO is slow—start early. Ignored SEO Initially Ignored SEO Initially Focused only on social media traffic (Reddit, LinkedIn). Didn't think about SEO. Result: Google traffic took 6 weeks to start. Fix: Should have written blog posts from Week 1. SEO is slow—start early. Didn't Ask for Testimonials Had dozens of happy users commenting on Reddit/LinkedIn. Didn't save their comments or ask for testimonials. Fix: Now, I ask users for feedback and save positive responses for social proof. Didn't Ask for Testimonials Didn't Ask for Testimonials Had dozens of happy users commenting on Reddit/LinkedIn. Didn't save their comments or ask for testimonials. Fix: Now, I ask users for feedback and save positive responses for social proof. Fix What's Next Short-term (Month 5-6): Premium tier (₹99/month) Premium tier (₹99/month) Bulk password checking (CSV upload) API access for developers Ad-free experience Priority support Bulk password checking (CSV upload) Bulk password checking (CSV upload) API access for developers API access for developers Ad-free experience Ad-free experience Priority support Priority support Browser extension Browser extension Auto-fill government portals One-click password generation Auto-detect portal requirements Auto-fill government portals Auto-fill government portals One-click password generation One-click password generation Auto-detect portal requirements Auto-detect portal requirements Mobile app Mobile app Offline password generation Biometric security Password storage (local only) Offline password generation Biometric security Password storage (local only) Long-term (Year 1): B2B offering Sell to CA firms, tax consultants Bulk license for employees White-label option Sell to CA firms, tax consultants Bulk license for employees White-label option API for developers Password validation as a service Government portal requirements database Integration with other tools Password validation as a service Government portal requirements database Integration with other tools Goal: ₹50,000/month by Month 12 Goal Should You Build a Weekend Project? Do it if: Do it if: ✅ You have a specific problem you personally face✅ Others likely face the same problem✅ Current solutions are inadequate✅ You can build an MVP in 2-3 weekends✅ You're willing to market it (not just build) Don't do it if: Don't do it if: ❌ You're chasing trends ("AI is hot, I'll build an AI tool")❌ You don't personally understand the problem❌ You're not willing to talk about it publicly❌ You expect instant success (takes months) The Honest Truth About Building in Public What people show: What people show: "Just hit 10K users! 🎉" "Launched and got featured on ProductHunt!" "$10K MRR in 3 months!" "Just hit 10K users! 🎉" "Launched and got featured on ProductHunt!" "$10K MRR in 3 months!" What they don't show: What they don't show: Weeks of zero traffic Reddit posts with 2 upvotes Features nobody uses Revenue that doesn't cover the time invested Weeks of zero traffic Reddit posts with 2 upvotes Features nobody uses Revenue that doesn't cover the time invested My reality: My reality: Month 1:Exciting (launch high)Month 2:Depressing (traffic dropped)Month 3:Confusing (some features work, some don't)Month 4: Encouraging (consistent growth) Month 1: Month 2: Month 3: Month 4: Building in public is hard. You face rejection publicly. You fail publicly. You struggle publicly. Building in public is hard. But: But: You learn publicly You get feedback publicly You succeed publicly You learn publicly You get feedback publicly You succeed publicly Worth it? For me, yes. For you? Depends on your goals. Worth it? Key Takeaways Ship fast - 2 weekends is enough for MVP Solve your own problem - Be your target user Vanilla JS is underrated - Don't reach for frameworks by default Market aggressively - Build AND promote Niche down - India-specific > Generic Free can monetize - Ads + affiliates + donations Marketing is uncomfortable - Do it anyway SEO takes time - Start writing Day 1 Listen to users - Best features come from feedback Building in public is hard - But worth it Ship fast - 2 weekends is enough for MVP Ship fast Solve your own problem - Be your target user Solve your own problem Vanilla JS is underrated - Don't reach for frameworks by default Vanilla JS is underrated Market aggressively - Build AND promote Market aggressively Niche down - India-specific > Generic Niche down Free can monetize - Ads + affiliates + donations Free can monetize Marketing is uncomfortable - Do it anyway Marketing is uncomfortable SEO takes time - Start writing Day 1 SEO takes time Listen to users - Best features come from feedback Listen to users Building in public is hard - But worth it Building in public is hard Try It Yourself Live: passwordchecker.in Live: passwordchecker.in Built with: Built with: Vanilla JavaScript Tailwind CSS Have I Been Pwned API Love for solving real problems Vanilla JavaScript Tailwind CSS Have I Been Pwned API Love for solving real problems **Time invested:**40 hours (2 weekends)**Revenue:**₹8,200/month (Month 4)Users: 5,000+ (and growing) Users: Not bad for a side project that started with frustration at a government portal. What are you building? Drop a comment—I'd love to hear about your weekend projects! What are you building? Connect: Follow my build-in-public journey: Connect: Twitter: @cgnivargi LinkedIn: https://www.linkedin.com/in/cnivargi/ Twitter: @cgnivargi LinkedIn: https://www.linkedin.com/in/cnivargi/ https://www.linkedin.com/in/cnivargi/
