This is both true and highly misleading. Paranoia isn't a replacement for good security.
I would recommend something like wireguard, you still need to open a port on your router, but as long as they don't have your private key, they can't bruteforce it.
The same is true of ssh when using keys to authenticate.