Yes, password expiry is generally considered bad practice and should only be triggered on demand if there’s suspicion of a security breach, precisely because it’s much more likely to lead to simple, less secure passwords.

Which doesn’t stop a ton of organizations from requiring it anyway.