diff --git a/clanServices/users/README.md b/clanServices/users/README.md
index 4748e1a5a..1b53fce03 100644
--- a/clanServices/users/README.md
+++ b/clanServices/users/README.md
@@ -17,6 +17,20 @@
       };
     };
 
+    # Deploy user Carol on all machines. Prompt only once and use the
+    # same password on all machines. (`share = true`)
+    user-carol = {
+      module = {
+        name = "users";
+        input = "clan";
+      };
+      roles.default.tags.all = { };
+      roles.default.settings = {
+        user = "carol";
+        share = true;
+      };
+    };
+
     # Deploy user bob only on his laptop. Prompt for a password.
     user-bob = {
       module = {
diff --git a/clanServices/users/default.nix b/clanServices/users/default.nix
index 1477aaee5..a5684683c 100644
--- a/clanServices/users/default.nix
+++ b/clanServices/users/default.nix
@@ -59,6 +59,17 @@
               - "input" - Allows the user to access input devices.
             '';
           };
+          share = lib.mkOption {
+            type = lib.types.bool;
+            default = false;
+            example = true;
+            description = ''
+              Weather the user should have the same password on all machines.
+
+              By default, you will be prompted for a new password for every host.
+              Unless `generate` is set to `true`.
+            '';
+          };
         };
       };
 
@@ -82,7 +93,6 @@
             };
 
             clan.core.vars.generators."user-password-${settings.user}" = {
-
               files.user-password-hash.neededFor = "users";
               files.user-password-hash.restartUnits = lib.optional (config.services.userborn.enable) "userborn.service";
               files.user-password.deploy = false;
@@ -107,6 +117,8 @@
                 pkgs.mkpasswd
               ];
 
+              share = settings.share;
+
               script =
                 (
                   if settings.prompt then