No frameworks, no funding, no team—just vanilla JavaScript and a real problem to solve.\I got locked out of the GST portal during tax season.\Not because I forgot my password. I knew my password. The portal just kept saying "Invalid password format."\No explanation. No hint. Just rejection.\After 30 minutes of trial and error (and missing the filing deadline), I decided to build something so this would never happen again.\Two weekends later: PasswordChecker.in was live.\Two weeks after launch: 1,000+ users.\Here's how I did it—and what I learned about shipping fast.The Problem (Very Specific, Very Real)Indian government portals are a mess when it comes to passwords:UIDAI (Aadhaar): 8+ charactersGST Portal: 10+ charactersIncome Tax: 12+ charactersEPFO: 8-25 characters, expires every 60 days\Each portal has different requirements. No standardization. Unclear error messages.\Result: Millions of Indians get locked out daily, not knowing what they did wrong.\I confirmed this by posting on Reddit: "Anyone else frustrated with GST portal passwords?"\47 replies in 2 hours. All variations of: "YES! It's horrible!"\That's when I knew: This wasn't just my problem. This was EVERYONE's problem.Weekend 1: Build the MVPFriday Night (4 hours):Goal: Basic password strength checker\I started with the simplest possible version:javascript// All the code needed for v0.1function checkPassword(password) { const checks = { length: password.length >= 8, uppercase: /[A-Z]/.test(password), lowercase: /[a-z]/.test(password), number: /[0-9]/.test(password), special: /[!@#$%^&*]/.test(password), }; return checks;}Added a simple HTML form, Tailwind CSS for styling, and real-time feedback.\Saturday (8 hours):Morning: Government portal requirements\I spent 3 hours researching official password policies for 10+ government portals. Most don't publish this clearly—I had to test each one manually.\Created a requirements database:javascriptconst portals = { uidai: { minLength: 8, maxLength: 32, requiresSpecial: true }, gstn: { minLength: 10, maxLength: 15, requiresSpecial: true, expiresAfter: 120 }, incomeTax: { minLength: 12, maxLength: 14, requiresSpecial: true }, // ... 7 more portals};Afternoon: UI polishAdded color-coded strength meterCheckmark indicators for each requirementPortal-specific compliance badgesMobile responsive design\Sunday (8 hours):Goal: Ship itBought domain: passwordchecker.in (₹799)Set up hosting on Vercel (free)Connected domainCreated basic About/Privacy pagesDeployed\Total time: 20 hours \n Total cost: ₹799 (domain only)Sunday evening, 6 PM: Clicked "Deploy" and went live.Weekend 2: Add the Magic FeaturesThe basic checker worked, but users kept asking for more: "Can you check if my password was leaked?" \n "Can you generate a password that works for all portals?" \n "Can I test against multiple portals at once?"\Friday Night (3 hours): Integrated Have I Been Pwned API for breach checking:javascriptasync function checkBreach(password) { const hash = await sha1(password); const prefix = hash.substring(0, 5); const response = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`); const data = await response.text(); // Check if full hash is in breached passwords return data.includes(hash.substring(5));}Key insight: k-Anonymity model means I never send the full password to any server. Only the first 5 characters of its hash. Privacy-safe.\Saturday (6 hours):Built a password generator with a twist:Problem: Most generators create gibberish like xK9!mP2@dL4q \n Solution: Generate readable passwords like Quick7Tiger$42\javascriptfunction generateReadable() { const adj = ['Quick', 'Brave', 'Smart', 'Cool']; const noun = ['Tiger', 'Eagle', 'Wolf', 'Lion']; const special = ['@', '#', '$', '%']; return `${random(adj)}${randomDigit()}${random(noun)}${random(special)}${randomDigit()}${randomDigit()}`;}**Result:** Strong passwords that humans can actually remember.**Sunday (5 hours):**Multi-portal benchmark feature:Test ONE password against 10 portals simultaneously. Show exactly which portals accept it and which reject it (with reasons).This became the **most popular feature**. Users screenshot the results and share on WhatsApp.---## Launch Strategy (Reddit + LinkedIn)**Monday Morning:** Posted on 5 subredditsUsed this template:> **Title:** I built a free password checker for Indian government portals>> **Body:** Got frustrated with GST portal rejecting my password without explanation. Built this tool over the weekend to help others.>> Features:>> * Real-time strength checking> * Government portal compliance (UIDAI, GST, Income Tax)> * Data breach checking (10B+ leaked passwords)> * Multi-portal compatibility test>> 100% privacy-safe - everything runs in your browser.>> Link: [passwordchecker.in](http://passwordchecker.in)>> Would love feedback!**Results:*** **r/india:** 147 upvotes, 52 comments* **r/IndiaInvestments:** 89 upvotes, 31 comments* **r/developersindia:** 203 upvotes, 67 comments* **Total:** 439 upvotes, 150+ comments**Traffic spike:** 847 visitors on Day 1**Also posted on LinkedIn:**> Just shipped my first public side project!>> [PasswordChecker.in](http://PasswordChecker.in) - A free tool for checking password strength against Indian government portal requirements.>> Built in 2 weekends. No frameworks. Just vanilla JS + Tailwind.>> Why? Because I got locked out of GST portal three times and got fed up.**Results:** 212 likes, 38 comments, 5,000+ impressions---## The Growth Loop**Week 1:** 1,247 visitors (mostly Reddit)**Week 2:** 2,103 visitors (word of mouth + LinkedIn)**What drove growth:**1. **Shareability:** Multi-portal test results are screenshot-worthy2. **Real problem:** Everyone in India deals with government portals3. **Free + No registration:** Zero friction to try4. **Privacy-safe:** Users trust it (nothing sent to server)**Week 3:** Added email captureSimple form: "Get alerts about data breaches"**Conversion:** 8% of visitors (84 subscribers in first week)**Week 4:** Added blogStarted writing about data breaches affecting Indians:* "Domino's India Breach: 180M Orders Exposed"* "MobiKwik Leak: 110M Indian Users Affected"**SEO strategy:** Target long-tail keywords like "how to check password breach india"**Result:** Google search traffic started trickling in (50-100 visitors/day)---## The Tech Stack (Deliberately Simple)**No frameworks. No build process. No backend.**Frontend: Vanilla JavaScript Styling: Tailwind CSS (CDN) Hosting: Vercel (free) Domain: Namecheap (₹799) Analytics: Google Analytics (free) Total cost: ₹799## Why no React?1. Speed: React bundle = 130KB+ before I write any code 2. Complexity: Overkill for a single-page tool 3. Performance: Vanilla JS is faster to load and execute 4. Portability: No dependencies to maintain### **Deployment:**javascriptgit push origin mainVercel auto-deploys in 30 seconds```No webpack. No babel. No build step.Monetization (The Honest Numbers)Revenue Timeline:Month 1: ₹0Applied for Google AdSense (pending approval)Added affiliate links (no clicks yet)Month 2: ₹1,247AdSense approvedAdded password manager affiliates (Bitwarden, 1Password)3 affiliate conversionsMonth 3: ₹4,863Increased traffic = more ad revenue12 affiliate conversionsAdded "Buy me a coffee" (₹300 in donations)Month 4: ₹8,200/monthAdSense: ₹5,100Affiliates: ₹2,800Donations: ₹300Not life-changing money, but:Covers hosting + domain + coffeeValidates that free tools CAN make moneyGrowing 30-40% month-over-monthWhat I LearnedShip Fast, Improve Laterv1.0 was embarrassingly simple:Just a password checkerBasic UINo breach checkingNo generator\But it solved the core problem. I could have spent 3 months building the "perfect" tool. Instead, I shipped in 2 weekends and added features based on actual user requests.Best Features Came From Users:Multi-portal benchmark (user suggestion)Readable password generator (user complaint about gibberish)Government portal list (users asked "what about EPFO?")\Solve Your Own ProblemI built this because I personally got locked out of the GST portal. I was the target user.Benefits:I understood the pain deeplyI knew what features matteredI could test it myself instantlyI was passionate about solving it\Contrast with:"I should build a productivity app for busy executives."\(I'm not a busy executive. How would I know what they need?)3. Free Tools Can Make MoneyMisconception: "Free = No revenue"\Reality: Free tools can monetize via:Ads (AdSense)Affiliates (recommend paid tools)Donations (voluntary support)Premium tier (future plan)\Key: Solve a real problem. Traffic will come. Monetization follows.4. India-Specific = Less CompetitionI could have built a generic password checker. But there are 100+ of those.\By focusing on Indian government portals specifically, I:Faced less competitionAttracted a loyal nicheSolved a problem others ignoredCreated defensibility\Lesson: Niche down. Own a small pond.5. Marketing is Uncomfortable (Do It Anyway)I HATED posting on Reddit. I felt like I was spamming. I hesitated for 2 days. But:850 people found my tool on Day 1 because I posted150+ comments were positiveZero "spam" complaints\Lesson: Your brain overestimates rejection. Most people are helpful if you're solving a real problem.Mistakes I MadeDidn't Capture Emails Early EnoughLaunched without email capture. Lost 1,000+ potential subscribers in the first 2 weeks.Fix: Added email form in Week 3. Should have been Day 1.\No Analytics InitiallyDidn't add Google Analytics until Week 2. Lost data on:Which features were most usedWhere traffic came fromUser behavior patternsFix: Always add analytics from Day 1, even if it's an ugly MVP.\Ignored SEO InitiallyFocused only on social media traffic (Reddit, LinkedIn). Didn't think about SEO.Result: Google traffic took 6 weeks to start.Fix: Should have written blog posts from Week 1. SEO is slow—start early.\Didn't Ask for TestimonialsHad dozens of happy users commenting on Reddit/LinkedIn. Didn't save their comments or ask for testimonials.Fix: Now, I ask users for feedback and save positive responses for social proof.What's NextShort-term (Month 5-6):Premium tier (₹99/month)Bulk password checking (CSV upload)API access for developersAd-free experiencePriority support\Browser extensionAuto-fill government portalsOne-click password generationAuto-detect portal requirements\Mobile appOffline password generationBiometric securityPassword storage (local only)Long-term (Year 1):B2B offeringSell to CA firms, tax consultantsBulk license for employeesWhite-label optionAPI for developersPassword validation as a serviceGovernment portal requirements databaseIntegration with other tools\Goal: ₹50,000/month by Month 12Should You Build a Weekend Project?Do it if:✅ You have a specific problem you personally face \n ✅ Others likely face the same problem \n ✅ Current solutions are inadequate \n ✅ You can build an MVP in 2-3 weekends \n ✅ You're willing to market it (not just build)Don't do it if:❌ You're chasing trends ("AI is hot, I'll build an AI tool") \n ❌ You don't personally understand the problem \n ❌ You're not willing to talk about it publicly \n ❌ You expect instant success (takes months)The Honest Truth About Building in PublicWhat people show:"Just hit 10K users! 🎉""Launched and got featured on ProductHunt!""$10K MRR in 3 months!"\What they don't show:Weeks of zero trafficReddit posts with 2 upvotesFeatures nobody usesRevenue that doesn't cover the time invested\My reality:Month 1: Exciting (launch high) \n Month 2: Depressing (traffic dropped) \n Month 3: Confusing (some features work, some don't) \n Month 4: Encouraging (consistent growth)\\Building in public is hard. You face rejection publicly. You fail publicly. You struggle publicly.\But:You learn publiclyYou get feedback publiclyYou succeed publicly\Worth it? For me, yes. For you? Depends on your goals.Key TakeawaysShip fast - 2 weekends is enough for MVPSolve your own problem - Be your target userVanilla JS is underrated - Don't reach for frameworks by defaultMarket aggressively - Build AND promoteNiche down - India-specific > GenericFree can monetize - Ads + affiliates + donationsMarketing is uncomfortable - Do it anywaySEO takes time - Start writing Day 1Listen to users - Best features come from feedbackBuilding in public is hard - But worth itTry It YourselfLive: passwordchecker.inBuilt with:Vanilla JavaScriptTailwind CSSHave I Been Pwned APILove for solving real problems\Time invested:40 hours (2 weekends) \n Revenue:₹8,200/month (Month 4) \n Users: 5,000+ (and growing)\Not bad for a side project that started with frustration at a government portal.\What are you building? Drop a comment—I'd love to hear about your weekend projects!Connect: Follow my build-in-public journey:Twitter: @cgnivargiLinkedIn: https://www.linkedin.com/in/cnivargi/\