Only if you're dumb enough to let authentication program be suspceptible to such an attack. Dictionary attacks can be trivially defeated by rating limiting tries and after, say, 5 tries not allowing any more attempts for some cooldown period. No attacker is going to bother if they can only have 5 tries every 15 to 20 minutes.
Please, if you ever have to implement one of this cool down periods, don't be an asshole and allow just 5 attempts (or 3 or something equally idiotic).
There's no good reason why not allow, let's say a 100 attempts, and even really short cool down period should be enough, for example 500ms. Time for some quick & dirty math, assuming 36 possible characters and an 8 character password, a 500ms cool down would add: 36^8*.5/60/60/24/365 ~= 48000 years to brute force all combinations.