Changing your password often doesn't help one bit if you choose a weak password every time. Password strength is key, and forcing users to choose new passwords every so often, as some companies do, begs users to choose weak passwords because they know they'll be forced to remember a new one soon.
What if companies encouraged users to use password managers, or linked to sites such as https://identitysafe.norton.com/password-generator/, that create random strong passwords for their sites to go along with the two factor authentication?