Password managers are good but long passwords and password managers are better. If we are assuming MD5 then yes an 8 character password is not secure if someone is targeting you as it would take 10 hours to crack. If someone has a entire database of users let's say 50,000 users all with 8 character passwords then that would take 57 years to crack every password, so you may or may not be in the unlucky few that are at the top of the list. Also as GPUs get more powerful that time is going to come further down and you will be more at risk. Personally I use longer than 12 character passwords with a password manager, the inconvenience of having to type it in manually once or twice is not really that much greater than an 8 or 12 character long password.
That 57 years is assuming they're storing their passwords MD5 hashed, with a salt (hah, i'm sure they thought of that if they're using MD5), and using the least efficient method possible to crack the passwords.
It also assumes only a single system... not a cluster of several hundred or thousands. It also assumes no weaknesses in the algorithm itself that may be mitigated.
