They might be right...
Forcing password changes on daily use accounts compromises security, as all the comments here show. Password123! will be accepted almost everywhere. Microsoft *ducks* have published some interesting research recently. Setting a higher minimum length just means that the majority of passwords will be at or just over that length. Their recommendation: ban common passwords prior to hashing.