"The good news is that cracking hashes in the way Hive Systems demonstrates requires hackers to have a stolen database of password hashes in the first place. Without this, hackers can't brute-force hack password hashes." - Author
To broad. A measly Radeon 7900 XTX ramming thru about 100 million NTLM hashes per second could purely brute force [no dictionary or rainbow table(s), the latter being especially effective for NTLM (Windows) since passwords aren't salted and therefore can be precomputed] in about 25 days for an 8-character password with letters and numbers. Interestingly, bcrypt with a cost of 10 increases this number to about 17,000 years, demonstrating how much impact the different hashing algorithms have on password anti-cracking security.
Would have been nice to also show their table that shows longer passwords as this really drives the message home on the importance of longer passwords.
Don't want to give a false sense of security when possible. Hackers can and will use even more GPU's to speed up this process, such as distributed clusters of multi-GPU systems, and cracking tools exist that are able to utilize those (>12 GPU's). Yes, it's going to be cost-prohibitive outside of well-resourced attackers, though renting GPU compute is possible and might be done for targetted attacks where continuous or near-continuous 24/7/365 hashing isn't needed.