That does reduce the number of possibilities greatly, which might matter for some attack scenarios, but usually not IMHO as rate limits should thwart any online brute force.

I'd be interested to know how greatly, if someone has the equation for that.