Simplest thing to do is to use an 8 char string as the base password and append, prepend or insert a three char string based on the web site name into it.
I used to do this, but the problem is that it only protects against automated attempts to abuse a compromised password. If I happen to have bought something at EvilWebshopHosterX and made an account with BasePasswordEWHX, it's easy for anyone that gets their hands on the password to figure out all my other passwords based on the scheme.
Rotate the base password once a year or so.
This is a terrible hassle and generally leads to having to try multiple base passwords before giving up and using the password reset mechanism because at that particular website, none of the base passwords plus the website specific scheme were allowed by retarded password restrictions.
The main point is that I just don't want to trust any entity with key information that can be used for doing other things. Things like LastPass-generated unique tokens and application-specific tokens are things that remove that risk, although of course pretty much everything is compromised if your email account used in password reset mechanisms is compromised.