Using System.Security.Cryptography
Message
From
16/11/2003 15:34:47
 
 
To
16/11/2003 14:45:00
General information
Forum: ASP.NET
Category: Other
Miscellaneous
Thread ID: 00850467
Message ID: 00850482
Views: 19
DES keys are 56 bits spread over 8 bytes (high-order bit of each byte is presumed to be parity and ignored). Your passwords/passphrases can be as long as you wish; you just have to extract 56 bits of entropy from them by passing them through a grinder like a cryptographically strong hash function (MD5/SHA).

Note: passwords/passphrases usually consist of letters + digits instead of all possible byte values, meaning an 8-character password contains much less than 8 bytes' worth of entropy (read: less than 8 bytes of 'key material bits'), typically 32 bits or less.

I don't want to preach too much crypto here so I simply recommend three things:
(1) use a cryptographic hash function to turn user-provided passwords/passphrases/'keys' of any length into actual key material for whatever encryption algorithm you use; if the hash is longer than the desired number of key bits then it doesn't matter which bits you extract from the hash
(2) let the client sign off on the encryption algorithm/strength
(3) if your app is security-sensitive then it probably needs to be reviewed by a security expert; making a system secure is more involved than simply adding a dash of encryption here and there
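
Recommendation (1) and the entropy note in the message above, as an added C# example that is not part of the original post: a passphrase of any length is hashed down to the 8 key bytes DES takes, and the best-case entropy of an 8-character letters-and-digits password is compared with the key size. The class and method names, the choice of SHA-256 as the hash, and the sample passphrases are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PassphraseKeyDemo
{
    // Recommendation (1): hash a passphrase of any length, then keep as many
    // bytes as the cipher needs. SHA-256 is this example's choice of hash.
    static byte[] DeriveKey(string passphrase, int keyBytes)
    {
        using (SHA256 sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(passphrase));
            if (keyBytes > digest.Length)
                throw new ArgumentException("hash is shorter than the requested key");
            byte[] key = new byte[keyBytes];
            Array.Copy(digest, key, keyBytes); // which bytes are kept does not matter
            return key;
        }
    }

    // Upper bound on password entropy: reached only when every character is
    // drawn uniformly at random. Human-chosen passwords fall below it.
    static double MaxEntropyBits(int alphabetSize, int length)
    {
        return length * Math.Log(alphabetSize, 2);
    }

    static void Main()
    {
        // Constructed sample passphrases of very different lengths.
        string[] samples = { "s3cret", "a much longer passphrase typed by the user" };
        foreach (string s in samples)
        {
            byte[] key = DeriveKey(s, 8); // DES takes 8 key bytes; 56 of the bits are used
            bool weak = DES.IsWeakKey(key) || DES.IsSemiWeakKey(key);
            Console.WriteLine("{0} chars -> key {1} (weak: {2})",
                s.Length, BitConverter.ToString(key), weak);
        }

        // 8 characters from letters + digits (62 symbols) against the key size.
        Console.WriteLine("8 letters/digits:  at most {0:F1} bits", MaxEntropyBits(62, 8));
        Console.WriteLine("8 arbitrary bytes: {0:F1} bits", MaxEntropyBits(256, 8));
        Console.WriteLine("DES key:           56 bits");
    }
}
```

Both passphrases come out as an 8-byte key, but the derived key carries no more entropy than the passphrase that went in.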