Passwords should never expire: https://www.sans.org/security-awareness-training/blog/time-password-expiration-die
Passwords should not be changed often: https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html
Password “complexity” is – mostly – a joke: https://www.xkcd.com/936
You have been breached: https://blog.augustschell.com/passwords-passphrases-complexity-length-crackability-memorability-data-breaches
Passphrases are better than passwords – and https://password.ga will generate them for you (it will also generate random passwords that pass complexity requirements)
Use a password manager of some kind