I think a better approach than to use just a password would be to prevent any client from an IP address other than the two you have from connecting.
Thinking a step further, if you do that, then using a password does not provide much extra security. Because any unauthorized connection coming from an authorized IP would mean that the authorized host has been compromised - in which case the attacker could probably have gotten hold of the jar file with the client code, reverse-engineered the code, and thus extracted the password.
So, if you check the IP, a password doesn't add much. But
you should use one :-) And store it in encoded form in the source code, not as cleartext, and not in an extraneous file.