Hacker News

I always use site specific, but also site derived passwords. I think it's time to reevaluate that practice. I remember seeing that three of the top password fragments for LinkedIn were link, job, and work. My password was all three... oops.



You might want to look at a browser extension like PwdHash [1]. It uses a client-side script to generate a cryptographic hash from your common password and the domain name. I've been using it for about four years now and have been generally very happy. It means that if my password ever gets leaked the attackers are not only unlikely to find my password of "ngjO3uBJrvt", but if they get it they do not have any information about other sites, even if I reuse the password elsewhere.

There are some newer password management/hashing tools. I've stuck with this one both because it works for me and I know and trust the authors, a group at Stanford.

1. https://www.pwdhash.com/


I don't use that because of (unfounded) concerns that I will someday need to enter my password into some device where it's not available, or the domain will change, or some other scenario where bad things will happen because I do not actually know the password I told the site.


I call this 'primary authentication', which means you're in an environment where you can't execute code (staring at your xfce4 desktop logon prompt, for example). Password managers and generators are only useful after you've logged on. From there, you can execute code and use a password manager for 'secondary authentication' (websites, email, etc.).


This is why I use LastPass. I can log in (securely?) to their website and pull up the password out of a database in (rare) situations like that.


So the saying that OpenBSD developers are paranoid is not true after all?


I think openbsd developers are better than most at realistic threat assessment. :)



