That's only if every password to be cracked is a completely random string of characters. Statistics show that many, many people use words, often easily guessable words, as their passwords. Sometimes they add a number or punctuation mark to the beginning or end of the password.
This is much more vulnerable to a dictionary attack.
Dictionary attacks are not guaranteed to get into any specific account, but are very fast at getting into (say) 40% of accounts that you aim them at.
Cliff Stoll's "The Cuckoo's egg" is a good, true story based on this.