diff --git a/backup.yml b/backup.yml
index f6526a8..3cd91c1 100644
--- a/backup.yml
+++ b/backup.yml
@@ -115,9 +115,15 @@
         name: openvpn-client@{{SERVER_NAME}}
         state: restarted
         enabled: yes
+
+    - name: generate disposable user password
+      shell: dd if=/dev/urandom count=100 | md5sum
+      register: user_password
+
     - name: Add the backup user
       ansible.builtin.user:
         name: "{{SERVER_NAME}}-backup"
+        password: "{{user_password.stdout | password_hash('sha512')}}"
 
     - name: set permissions on backup dir
       file: