Securing your self-hosted Database

3 Improvement 1 9/5/2025, 1:48:24 PM hwisnu.bearblog.dev ↗

Comments (1)

Bender · 3h ago
This is not great advice. Yes, every database should have a strong password, but exposing the database port to the internet and relying on fail2ban is wrong and a futile game of whack-a-mole.

If the applications accessing the database are only on the same node, disable the network listener and use a named pipe for database communication if the applications support it. If the nodes accessing the database are not on the same node then set up firewall rules to only allow those nodes. If the remote nodes have dynamic IP addresses then use a VPN such as WireGuard to permit access. Exposing a database to the open internet is a losing game. VPNs and static IP addresses can and should be managed automatically through configuration management tools.
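
An added example, not part of the comment above or the linked post: one way to check a host against the layout the comment describes, by classifying each database listener in `ss -ltn` output as loopback-only, VPN-only, or bound more widely. The port list, the `10.8.0.0/24` VPN subnet and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumed default ports; adjust to the engines actually deployed.
DB_PORTS = {3306: "MySQL/MariaDB", 5432: "PostgreSQL",
            6379: "Redis", 27017: "MongoDB"}

# Constructed sample of `ss -ltn` output (not taken from the page).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      244    0.0.0.0:5432       0.0.0.0:*
LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      511    [::]:6379          [::]:*
LISTEN 0      128    10.8.0.1:27017     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""

def split_local(field):
    """Split 'addr:port', handling [v6] brackets and %iface scope suffixes."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def classify(host, trusted_nets):
    """Label a bind address by how far the listener reaches."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"      # only firewall rules limit reachability
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback-only"
    if any(addr in net for net in trusted_nets):
        return "vpn-only"            # bound to the (assumed) VPN subnet
    return "specific-address"        # routable unless firewalled

def audit(ss_output, trusted_cidrs=("10.8.0.0/24",)):
    """Return (engine, host, port, label) for every database listener."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue                 # skips the header and blank lines
        host, port = split_local(parts[3])
        if port in DB_PORTS:
            findings.append((DB_PORTS[port], host, port, classify(host, nets)))
    return findings

if __name__ == "__main__":
    for engine, host, port, label in audit(SAMPLE_SS):
        print(f"{engine:14} {host}:{port:<6} {label}")
```

Anything labelled `all-interfaces` or `specific-address` is a listener that depends entirely on firewall rules; a database reached only through a Unix socket or named pipe does not appear in the output at all.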