I've run a VNC service for years but recently hadn't done so due to issues with Win10 working with the TigerVNC variant I used. I thought I'd try the original TightVNC that I used to use and it worked great. During my initial setup and test phase I configured the service with just a simple one letter lower case character to make it quick and easy to test. Before I could configure it with my normal 14 character (with symbols numbers etc) somebody hacked into my computer and took control. I wasn't too surprised and found it quite interesting, as I've read about this before, so watched to see what they would do. They opened a browser and went to Paypal.com, no doubt to do a transfer to an account. I then shut them down, though my Paypal password is never stored (or any other bank/money details). It got me thinking whether my normal 14 character password would prove too much for current hacking tools. If you google "VNC Hacked" you see pages that blatantly offer several tools to hack VNC logins.