No frameworks, no funding, no team—just vanilla JavaScript and a real problem to solve.
I got locked out of the GST portal during tax season.
Not because I forgot my password. I knew my password. The portal just kept saying "Invalid password format."
No explanation. No hint. Just rejection.
After 30 minutes of trial and error (and missing the filing deadline), I decided to build something so this would never happen again.
Two weekends later: PasswordChecker.in was live.
Two weeks after launch: 1,000+ users.
Here's how I did it—and what I learned about shipping fast.
## The Problem (Very Specific, Very Real)
Indian government portals are a mess when it comes to passwords:
- UIDAI (Aadhaar): 8+ characters
- GST Portal: 10+ characters
- Income Tax: 12+ characters
- EPFO: 8-25 characters, expires every 60 days
Each portal has different requirements. No standardization. Unclear error messages.
Result: Millions of Indians get locked out daily, not knowing what they did wrong.
I confirmed this by posting on Reddit: "Anyone else frustrated with GST portal passwords?"
47 replies in 2 hours. All variations of: "YES! It's horrible!"
That's when I knew: This wasn't just my problem. This was EVERYONE's problem.
## Weekend 1: Build the MVP
Friday Night (4 hours):
Goal: Basic password strength checker
I started with the simplest possible version:
```javascript
// All the code needed for v0.1
function checkPassword(password) {
  const checks = {
    length: password.length >= 8,
    uppercase: /[A-Z]/.test(password),
    lowercase: /[a-z]/.test(password),
    number: /[0-9]/.test(password),
    special: /[!@#$%^&*]/.test(password),
  };
  return checks;
}
```
Added a simple HTML form, Tailwind CSS for styling, and real-time feedback.
Saturday (8 hours):
Morning: Government portal requirements
I spent 3 hours researching official password policies for 10+ government portals. Most don't publish this clearly—I had to test each one manually.
Created a requirements database:
```javascript
const portals = {
  uidai: { minLength: 8, maxLength: 32, requiresSpecial: true },
  gstn: { minLength: 10, maxLength: 15, requiresSpecial: true, expiresAfter: 120 },
  incomeTax: { minLength: 12, maxLength: 14, requiresSpecial: true },
  // ... 7 more portals
};
```
Afternoon: UI polish
- Added color-coded strength meter
- Checkmark indicators for each requirement
- Portal-specific compliance badges
- Mobile responsive design
Sunday (8 hours):
Goal: Ship it
- Bought domain: passwordchecker.in (₹799)
- Set up hosting on Vercel (free)
- Connected domain
- Created basic About/Privacy pages
- Deployed
Total time: 20 hours
Total cost: ₹799 (domain only)
Sunday evening, 6 PM: Clicked "Deploy" and went live.
## Weekend 2: Add the Magic Features
The basic checker worked, but users kept asking for more:
"Can you check if my password was leaked?"
"Can you generate a password that works for all portals?"
"Can I test against multiple portals at once?"
Friday Night (3 hours): Integrated Have I Been Pwned API for breach checking:
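```javascript
// SHA-1 as uppercase hex via Web Crypto (the range API returns uppercase suffixes)
async function sha1(text) {
  const digest = await crypto.subtle.digest('SHA-1', new TextEncoder().encode(text));
  return [...new Uint8Array(digest)].map((b) => b.toString(16).padStart(2, '0')).join('').toUpperCase();
}

async function checkBreach(password) {
  const hash = await sha1(password);
  const prefix = hash.substring(0, 5);
  const response = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`);
  if (!response.ok) throw new Error(`Range request failed: ${response.status}`);
  const data = await response.text();
  // Each response line is "SUFFIX:COUNT"; compare the remaining 35 characters exactly
  const suffix = hash.substring(5);
  return data.split('\n').some((line) => line.split(':')[0].trim() === suffix);
}
```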
Key insight: k-Anonymity model means I never send the full password to any server. Only the first 5 characters of its hash. Privacy-safe.
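
What the k-anonymity exchange looks like on the client side, as an added example (not the site's code): `splitHash` and `breachCount` are hypothetical names, and the response body is constructed. It also handles the zero-count padding lines the API returns when the request carries the `Add-Padding: true` header.

```javascript
// Added example. Constructed range response for prefix 5BAA6; counts are made up.
// Real responses use CRLF line endings and uppercase 35-character suffixes.
const SAMPLE_RANGE_BODY = [
  '1D2DA4053E34E76F6576ED1DA63134B5E2A:2',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345',
  '1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0', // padding entry (Add-Padding: true)
].join('\r\n');

// Split a SHA-1 hex digest into the 5 characters sent to the API and the
// 35 characters that stay in the browser.
function splitHash(sha1Hex) {
  const hex = sha1Hex.toUpperCase();
  if (!/^[0-9A-F]{40}$/.test(hex)) throw new Error('expected 40 hex characters');
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Breach count for a suffix; 0 means not listed, or listed only as padding.
function breachCount(rangeBody, suffix) {
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate === suffix) return Number.parseInt(count, 10) || 0;
  }
  return 0;
}

// SHA-1 of the string "password", used here as constructed input
const { prefix, suffix } = splitHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');
console.log(prefix, breachCount(SAMPLE_RANGE_BODY, suffix));
```
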
Saturday (6 hours):
Built a password generator with a twist:
Problem: Most generators create gibberish like xK9!mP2@dL4q
Solution: Generate readable passwords like Quick7Tiger$42
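```javascript
// Helpers assumed here (the post does not show them); drawn from the Web Crypto CSPRNG
const randomInt = (max) => crypto.getRandomValues(new Uint32Array(1))[0] % max;
const random = (list) => list[randomInt(list.length)];
const randomDigit = () => randomInt(10);

function generateReadable() {
  // Sample lists: 4 x 10 x 4 x 4 x 10 x 10 = 64,000 possible outputs at this size, so real lists should be much larger
  const adj = ['Quick', 'Brave', 'Smart', 'Cool'];
  const noun = ['Tiger', 'Eagle', 'Wolf', 'Lion'];
  const special = ['@', '#', '$', '%'];
  return `${random(adj)}${randomDigit()}${random(noun)}${random(special)}${randomDigit()}${randomDigit()}`;
}
```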
**Result:** Strong passwords that humans can actually remember.
**Sunday (5 hours):**
Multi-portal benchmark feature:
Test ONE password against 10 portals simultaneously. Show exactly which portals accept it and which reject it (with reasons).
This became the **most popular feature**. Users screenshot the results and share on WhatsApp.
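
A sketch of the multi-portal benchmark using the three portal entries shown earlier. This is an added example, not the site's code; `explainRejection`, `benchmark` and `commonWindow` are hypothetical names. It also computes the length range that every listed portal accepts, which is what a "works for all portals" generator has to target.

```javascript
// Added example. Rules copied from the three portal entries shown earlier;
// the password expiry field is left out because it is not a format check.
const PORTALS = {
  uidai: { minLength: 8, maxLength: 32, requiresSpecial: true },
  gstn: { minLength: 10, maxLength: 15, requiresSpecial: true },
  incomeTax: { minLength: 12, maxLength: 14, requiresSpecial: true },
};
const SPECIAL = /[!@#$%^&*]/; // same character class as checkPassword()

// Hypothetical helper: every reason one portal's rules reject the password.
function explainRejection(password, rule) {
  const reasons = [];
  if (password.length < rule.minLength) {
    reasons.push(`too short: ${password.length} < ${rule.minLength}`);
  }
  if (password.length > rule.maxLength) {
    reasons.push(`too long: ${password.length} > ${rule.maxLength}`);
  }
  if (rule.requiresSpecial && !SPECIAL.test(password)) {
    reasons.push('needs one of !@#$%^&*');
  }
  return reasons;
}

// One password against every portal: accepted flag plus reasons per portal.
function benchmark(password, portals = PORTALS) {
  const report = {};
  for (const [name, rule] of Object.entries(portals)) {
    const reasons = explainRejection(password, rule);
    report[name] = { accepted: reasons.length === 0, reasons };
  }
  return report;
}

// Length range that satisfies all portals at once (intersection of the rules).
function commonWindow(portals = PORTALS) {
  const rules = Object.values(portals);
  const min = Math.max(...rules.map((r) => r.minLength));
  const max = Math.min(...rules.map((r) => r.maxLength));
  return { min, max, feasible: min <= max };
}

console.log(benchmark('Tax@2024')); // constructed sample password
console.log(commonWindow());
```
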
---
## Launch Strategy (Reddit + LinkedIn)
**Monday Morning:** Posted on 5 subreddits
Used this template:
> **Title:** I built a free password checker for Indian government portals
>
> **Body:** Got frustrated with GST portal rejecting my password without explanation. Built this tool over the weekend to help others.
>
> Features:
>
> * Real-time strength checking
> * Government portal compliance (UIDAI, GST, Income Tax)
> * Data breach checking (10B+ leaked passwords)
> * Multi-portal compatibility test
>
> 100% privacy-safe - everything runs in your browser.
>
> Link: [passwordchecker.in](http://passwordchecker.in)
>
> Would love feedback!
**Results:**
* **r/india:** 147 upvotes, 52 comments
* **r/IndiaInvestments:** 89 upvotes, 31 comments
* **r/developersindia:** 203 upvotes, 67 comments
* **Total:** 439 upvotes, 150+ comments
**Traffic spike:** 847 visitors on Day 1
**Also posted on LinkedIn:**
> Just shipped my first public side project!
>
> [PasswordChecker.in](http://PasswordChecker.in) - A free tool for checking password strength against Indian government portal requirements.
>
> Built in 2 weekends. No frameworks. Just vanilla JS + Tailwind.
>
> Why? Because I got locked out of GST portal three times and got fed up.
**Results:** 212 likes, 38 comments, 5,000+ impressions
---
## The Growth Loop
**Week 1:** 1,247 visitors (mostly Reddit)
**Week 2:** 2,103 visitors (word of mouth + LinkedIn)
**What drove growth:**
1. **Shareability:** Multi-portal test results are screenshot-worthy
2. **Real problem:** Everyone in India deals with government portals
3. **Free + No registration:** Zero friction to try
4. **Privacy-safe:** Users trust it (nothing sent to server)
**Week 3:** Added email capture
Simple form: "Get alerts about data breaches"
**Conversion:** 8% of visitors (84 subscribers in first week)
**Week 4:** Added blog
Started writing about data breaches affecting Indians:
* "Domino's India Breach: 180M Orders Exposed"
* "MobiKwik Leak: 110M Indian Users Affected"
**SEO strategy:** Target long-tail keywords like "how to check password breach india"
**Result:** Google search traffic started trickling in (50-100 visitors/day)
---
## The Tech Stack (Deliberately Simple)
**No frameworks. No build process. No backend.**
* Frontend: Vanilla JavaScript
* Styling: Tailwind CSS (CDN)
* Hosting: Vercel (free)
* Domain: Namecheap (₹799)
* Analytics: Google Analytics (free)
* Total cost: ₹799
## Why no React?
1. Speed: React bundle = 130KB+ before I write any code
2. Complexity: Overkill for a single-page tool
3. Performance: Vanilla JS is faster to load and execute
4. Portability: No dependencies to maintain
### **Deployment:**
```bash
git push origin main
# Vercel auto-deploys in 30 seconds
```
No webpack. No babel. No build step.
## Monetization (The Honest Numbers)
Revenue Timeline:
Month 1: ₹0
- Applied for Google AdSense (pending approval)
- Added affiliate links (no clicks yet)
Month 2: ₹1,247
- AdSense approved
- Added password manager affiliates (Bitwarden, 1Password)
- 3 affiliate conversions
Month 3: ₹4,863
- Increased traffic = more ad revenue
- 12 affiliate conversions
- Added "Buy me a coffee" (₹300 in donations)
Month 4: ₹8,200/month
- AdSense: ₹5,100
- Affiliates: ₹2,800
- Donations: ₹300
Not life-changing money, but:
- Covers hosting + domain + coffee
- Validates that free tools CAN make money
- Growing 30-40% month-over-month
## What I Learned
1. Ship Fast, Improve Later
v1.0 was embarrassingly simple:
- Just a password checker
- Basic UI
- No breach checking
- No generator
But it solved the core problem. I could have spent 3 months building the "perfect" tool. Instead, I shipped in 2 weekends and added features based on actual user requests.
Best Features Came From Users:
- Multi-portal benchmark (user suggestion)
- Readable password generator (user complaint about gibberish)
- Government portal list (users asked "what about EPFO?")
2. Solve Your Own Problem
I built this because I personally got locked out of the GST portal. I was the target user.
Benefits:
- I understood the pain deeply
- I knew what features mattered
- I could test it myself instantly
- I was passionate about solving it
Contrast with:
"I should build a productivity app for busy executives."
(I'm not a busy executive. How would I know what they need?)
3. Free Tools Can Make Money
Misconception: "Free = No revenue"
Reality: Free tools can monetize via:
- Ads (AdSense)
- Affiliates (recommend paid tools)
- Donations (voluntary support)
- Premium tier (future plan)
Key: Solve a real problem. Traffic will come. Monetization follows.
4. India-Specific = Less Competition
I could have built a generic password checker. But there are 100+ of those.
By focusing on Indian government portals specifically, I:
- Faced less competition
- Attracted a loyal niche
- Solved a problem others ignored
- Created defensibility
Lesson: Niche down. Own a small pond.
5. Marketing is Uncomfortable (Do It Anyway)
I HATED posting on Reddit. I felt like I was spamming. I hesitated for 2 days. But:
- 850 people found my tool on Day 1 because I posted
- 150+ comments were positive
- Zero "spam" complaints
Lesson: Your brain overestimates rejection. Most people are helpful if you're solving a real problem.
## Mistakes I Made
- Didn't Capture Emails Early Enough
Launched without email capture. Lost 1,000+ potential subscribers in the first 2 weeks.
Fix: Added email form in Week 3. Should have been Day 1.
- No Analytics Initially
Didn't add Google Analytics until Week 2. Lost data on:
- Which features were most used
- Where traffic came from
- User behavior patterns
Fix: Always add analytics from Day 1, even if it's an ugly MVP.
- Ignored SEO Initially
Focused only on social media traffic (Reddit, LinkedIn). Didn't think about SEO.
Result: Google traffic took 6 weeks to start.
Fix: Should have written blog posts from Week 1. SEO is slow—start early.
- Didn't Ask for Testimonials
Had dozens of happy users commenting on Reddit/LinkedIn. Didn't save their comments or ask for testimonials.
Fix: Now, I ask users for feedback and save positive responses for social proof.
## What's Next
Short-term (Month 5-6):
- Premium tier (₹99/month)
  - Bulk password checking (CSV upload)
  - API access for developers
  - Ad-free experience
  - Priority support
- Browser extension
  - Auto-fill government portals
  - One-click password generation
  - Auto-detect portal requirements
- Mobile app
  - Offline password generation
  - Biometric security
  - Password storage (local only)
Long-term (Year 1):
B2B offering
- Sell to CA firms, tax consultants
- Bulk license for employees
- White-label option
API for developers
- Password validation as a service
- Government portal requirements database
- Integration with other tools
Goal: ₹50,000/month by Month 12
## Should You Build a Weekend Project?
Do it if:
✅ You have a specific problem you personally face
✅ Others likely face the same problem
✅ Current solutions are inadequate
✅ You can build an MVP in 2-3 weekends
✅ You're willing to market it (not just build)
Don't do it if:
❌ You're chasing trends ("AI is hot, I'll build an AI tool")
❌ You don't personally understand the problem
❌ You're not willing to talk about it publicly
❌ You expect instant success (takes months)
## The Honest Truth About Building in Public
What people show:
- "Just hit 10K users! 🎉"
- "Launched and got featured on ProductHunt!"
- "$10K MRR in 3 months!"
What they don't show:
- Weeks of zero traffic
- Reddit posts with 2 upvotes
- Features nobody uses
- Revenue that doesn't cover the time invested
My reality:
Month 1: Exciting (launch high)
Month 2: Depressing (traffic dropped)
Month 3: Confusing (some features work, some don't)
Month 4: Encouraging (consistent growth)
Building in public is hard. You face rejection publicly. You fail publicly. You struggle publicly.
But:
- You learn publicly
- You get feedback publicly
- You succeed publicly
Worth it? For me, yes. For you? Depends on your goals.
## Key Takeaways
- Ship fast - 2 weekends is enough for MVP
- Solve your own problem - Be your target user
- Vanilla JS is underrated - Don't reach for frameworks by default
- Market aggressively - Build AND promote
- Niche down - India-specific > Generic
- Free can monetize - Ads + affiliates + donations
- Marketing is uncomfortable - Do it anyway
- SEO takes time - Start writing Day 1
- Listen to users - Best features come from feedback
- Building in public is hard - But worth it
## Try It Yourself
Live: passwordchecker.in
Built with:
- Vanilla JavaScript
- Tailwind CSS
- Have I Been Pwned API
- Love for solving real problems
**Time invested:** 40 hours (2 weekends)
**Revenue:** ₹8,200/month (Month 4)
Users: 5,000+ (and growing)
Not bad for a side project that started with frustration at a government portal.
What are you building? Drop a comment—I'd love to hear about your weekend projects!
Connect: Follow my build-in-public journey:
- Twitter: @cgnivargi
- LinkedIn: https://www.linkedin.com/in/cnivargi/
