So the suggested trick of adding a site-specific token to a common secure password strikes me as kind of pointless. Admittedly, I did this myself for a short time until it struck me that it was no more secure than a common password in the first place.<p>Ignoring for the moment the slightly-longer-than-average cracking time for a longer password, once your password of "linkedinTink3rb3ll" is compromised, how hard is it for someone to assume your Twitter password is "twitterTink3rb3ll"?<p>Am I missing something and is this token+password trick useful in a way I'm not familiar with?<p>Not to criticize Winfield specifically for suggesting this - as I said, I thought this was a good idea a while ago myself until I couldn't continue to justify it as a good idea. It does add a longer password for relatively no additional mental cost to retain it, and it does result in different hashes so it's not obvious it's being done.<p>I ask primarily in case I'm missing something obviously useful about this tactic instead of having to use passwords that look like my cat slept on my keyboard.