Not sure how this would change much, nothing stops you from making 3 small passwords and just combining them.
IMO, short of ridiculous systems with stupid requirement or restrictions, the concept of a password works fine - it just has to be implemented right, and unfortunately it's often not the case. The key is that systems that use passwords should also have brute force protection, yet most systems don't. Hard to do for something that can be done offline like an encrypted file, but for a web page or server you have to login to, there's absolutely no reason why they can't have brute force protection built in.
Also, get rid of the requirement to change it ever month but replace with a reminder after a year, but don't force it. That serves practically no purpose. If someone is brute forcing the system, the fact that you changed your password recently, or 10 years ago, does not matter. And let's assume a brute force operation is happening over the course of multiple years (as it would probably take due to network latency and other factors of brute forcing something online) whether or not you changed it multiple times in that time does not matter. The brute force algorthm may or may not have already tried the password you just set it to.
I guess one purpose of changing a password is if there was some kind of leak, but you should change it anyway if that happens, don't force it, just educate users, and if a major leak happens then advise users that they should change it, or perhaps force a change at that point... even a leak that has nothing to do with that service, as people reuse passwords. At work we have about 40ish different passwords, they all expire at different times, some you can't even voluntary change while others you can. Makes it ridiculously hard to keep them in sync, which encourages people to just write them down.