Ignoring for the moment the slightly-longer-than-average cracking time for a longer password, once your password of "linkedinTink3rb3ll" is compromised, how hard is it for someone to assume your Twitter password is "twitterTink3rb3ll"?
Am I missing something and is this token+password trick useful in a way I'm not familiar with?
Not to criticize Winfield specifically for suggesting this - as I said, I thought this was a good idea a while ago myself until I couldn't continue to justify it as a good idea. It does add a longer password for relatively no additional mental cost to retain it, and it does result in different hashes so it's not obvious it's being done.
I ask primarily in case I'm missing something obviously useful about this tactic instead of having to use passwords that look like my cat slept on my keyboard.
Now if you were "salting" (still not sure that's what I would call it) your passwords for each site you used with a RANDOM string, then yes, it would provide extra security; however, at that point why aren't you just randomly generating the whole thing?
The author clearly doesn't know what he is talking about and is using buzzwords to drive pageviews. He is an idiot.
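An added example, not part of the original thread: a self-audit of your own password list that removes each site's name from its password and reports which sites are left sharing one base, next to the random-generation alternative raised in the replies. The vault contents, function names and the use of unsalted SHA-256 (only to show that the stored hashes differ) are assumptions made for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault (site name -> password), for illustration only.
SAMPLE_VAULT = {
    "linkedin": "linkedinTink3rb3ll",
    "twitter": "twitterTink3rb3ll",
    "bank": "Tink3rb3ll",            # plain reuse, no site token at all
    "mail": "r7#Vq2!mZp0wKe8&",      # unrelated random password
}

def strip_site_token(site: str, password: str) -> str:
    """Remove the first case-insensitive occurrence of the site name."""
    idx = password.lower().find(site.lower())
    if idx == -1:
        return password
    return password[:idx] + password[idx + len(site):]

def audit_vault(vault: dict[str, str]) -> dict[str, list[str]]:
    """Return {shared_base: [sites]} for bases used on more than one site."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[strip_site_token(site, password)].append(site)
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}

def distinct_hashes(vault: dict[str, str]) -> int:
    """Count distinct digests: the site token does make every hash different."""
    return len({hashlib.sha256(p.encode()).hexdigest() for p in vault.values()})

def random_password(length: int = 20) -> str:
    """Independent per-site password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    print("distinct hashes:", distinct_hashes(SAMPLE_VAULT), "of", len(SAMPLE_VAULT))
    for base, sites in audit_vault(SAMPLE_VAULT).items():
        print(f"{len(sites)} sites reduce to the same base: {', '.join(sites)}")
    print("replacement example:", random_password())
```

Every hash in the sample is distinct, yet three of the four entries collapse to one base once the site name is removed, so a single plaintext disclosure covers all three.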