If you have crappy user management and want to avoid having your accounts pwned, you might consider a 14-day password expiry. However, bear in mind that 'Holiday1' or 'Keyboard99' will probably be cracked faster than you can CTRL + ALT + DEL.
User security should be constantly monitored and evolved. If users are having difficulty remembering passwords or meeting stringent password requirements, perhaps you need to review your current policy. What can you do to appease your users without compromising on security?
Get creative, and don't take GCHQ's advice of simply extending the period in which a user's password can be cracked.