Now, for some math. In the 95 character ASCII printable keyspace (usually around the number of different characters allowed in a password), checking every possible password up to 8 characters would take around 6.6 e+15 tries. While that seems like a lot, a 1 TH/s (1 e+12 hashes/sec) unit could process all of those in under two hours. (this is hypothetical, I'm not accounting for bandwidth limitations and the like)
Sorry, that was a bit long winded. Hopefully it's at least moderately understandable.
Now the scary thing, watch the curve as you go to 9, 10 and 11+ characters.
passwords should be 9+ characters, as that would take years for the average person to crack it with average equipment.
edit-
this is what I was referring to
No offense, but that's a completely useless (and actually deceptive) graph. The scale on the y axis is really poorly chosen.