Password policy: A headplank moment

Our network has lots of users (about 6000), an under-resourced and under-motivated helpdesk, and complex passwords which need to be changed every three months.  This results in a lot of calls which the helpdesk don't like, so they're lobbying to have the passwords set to last forever.

( Cut ranting about passwords, users, and Getting It Wrong... )

Am I being over-sensitive?  What are the password policies at your office?  If you were in the NHS, would you be as twitchy about this as I am?