yes and no
As others have mentioned, this research is assuming that the attacker already has access the the password hashes, so the comments about limiting retry-rate and lock-outs, while valid, are not really relevant.
The problem is that a lot of passwords (especially in web sphere) are hashed with MD5 or one of the SHA versions. These are hashing algorithms that are designed to go fast.
The trick is to design a hashing algorithm that runs slowly. And salt your hashes.
Biting the hand that feeds IT
