Every database has its vulnerabilities. We tested on Oracle DB and had every password within 15 minutes. Security isn’t just passwords or encryption. They certainly help, but it takes the whole picture to keep things locked up.
Key management applications help manage passwords, and KeePass is one. Sounds like a good system you have going there.
I understand DB vulnerabilities but admittedly steer clear of them mostly out of ignorance but also out of a lack of need.
I don’t run any DBs on my home network anymore, esp. with all of the stories I hear and read about DB security.
In a domain environment, I force all DBAs to change the default ports to prevent script kiddies from banging on the door and enact two-factor authentication for administration (usually certs and complex passwords).
Authentication needs to be looked at with a fine-toothed comb. Passwords/phrases are old-tech. Smart cards, biometrics, and character/vision-based authentication make more sense, IMO.