Then again, not that cheap when the 4090 starts melting after cracking into merely 15 folders, or less with increased password length.
Joke aside though, such decryption capability can certainly be an issue, especially in regard to targeted attacks. And moreso when an user has the same password across various sites - i.e. when using the same password for a gaming website and for e-mail account, then a leak of password at the gaming website would give the password for the e-mail account as well.
Myself, even before 4090, I was considering to get an U2F Security token, such as Yubikey. That works with many webservices (except e.g. Steam at this point). And while it isn't completely foolproof, it seems to improve these matters quite some, without having to rely on a working non-hacked mobile phone.