diff --git a/properties/import-export.c b/properties/import-export.c index 151a223dd900a057866752ed6cd0d6cc4e1bd68c..d1f298ddc59659567a14e55f9e85345c4030284b 100644 --- a/properties/import-export.c +++ b/properties/import-export.c @@ -1193,6 +1193,13 @@ do_import (const char *path, const char *contents, gsize contents_len, GError ** continue; } + if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_AUTH_NOCACHE)) { + if (!args_params_check_nargs_n (params, 0, &line_error)) + goto handle_line_error; + setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH_NOCACHE, "yes"); + continue; + } + if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_PUSH_PEER_INFO)) { if (!args_params_check_nargs_n (params, 0, &line_error)) goto handle_line_error; @@ -1948,6 +1955,9 @@ do_export_create (NMConnection *connection, const char *path, GError **error) if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_RANDOM), "yes")) args_write_line (f, NMV_OVPN_TAG_REMOTE_RANDOM); + if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH_NOCACHE), "yes")) + args_write_line (f, NMV_OVPN_TAG_AUTH_NOCACHE); + if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUN_IPV6), "yes")) args_write_line (f, NMV_OVPN_TAG_TUN_IPV6); @@ -2255,7 +2265,6 @@ do_export_create (NMConnection *connection, const char *path, GError **error) /* Add hard-coded stuff */ args_write_line (f, NMV_OVPN_TAG_NOBIND); - args_write_line (f, NMV_OVPN_TAG_AUTH_NOCACHE); args_write_line (f, NMV_OVPN_TAG_SCRIPT_SECURITY, "2"); args_write_line (f, NMV_OVPN_TAG_PERSIST_KEY); args_write_line (f, NMV_OVPN_TAG_PERSIST_TUN); diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui index 98cd828594c5fb76a51c3df11a1c0cda1bfc52d0..3ad1bb3d8435b17b035d8bf6b81b72b2baccb7fc 100644 --- a/properties/nm-openvpn-dialog.ui +++ b/properties/nm-openvpn-dialog.ui 
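Review bot: Existing profiles that lack the `auth-nocache` key silently change from "do not cache credentials" to "cache them in memory", because `do_export_create` now writes the tag only when the key is "yes" and the last hunk of this file drops the unconditional `args_write_line (f, NMV_OVPN_TAG_AUTH_NOCACHE)`. The same default flip is made for the daemon command line in `nm_openvpn_start_openvpn_binary` (src/nm-openvpn-service.c). The editor hunk only ever stores "yes", so an absent key cannot be told apart from an explicit opt-out. Consider keeping the previous behaviour as the default and storing an explicit "no" when the box is unchecked, with the check written as `if (!nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH_NOCACHE), "no"))`. `do_export_create` starts and ends outside these hunks, so any later handling of this key is not visible here.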
@@ -1449,6 +1449,24 @@ config: ping-exit | ping-restart <n> 10 + + + Don't cache Authentication Information + True + True + True + True + Forget Username/Password with successful login. This can potentially cause problems if a second factor password is used. + True + 0 + True + + + False + True + 11 + + Accept authenticated packets from any address (F_loat) diff --git a/properties/nm-openvpn-editor.c b/properties/nm-openvpn-editor.c index 74c9ddf036d6f3e8a5d7306eeeb4d1c0dbe6b98e..45bc64e59e038324e8e7920ad66501c6a3c27a72 100644 --- a/properties/nm-openvpn-editor.c +++ b/properties/nm-openvpn-editor.c @@ -687,6 +687,7 @@ static const char *const advanced_keys[] = { NM_OPENVPN_KEY_TLS_VERSION_MAX, NM_OPENVPN_KEY_TUNNEL_MTU, NM_OPENVPN_KEY_TUN_IPV6, + NM_OPENVPN_KEY_AUTH_NOCACHE, NM_OPENVPN_KEY_VERIFY_X509_NAME, }; @@ -1601,6 +1602,7 @@ advanced_dialog_new (GHashTable *hash, const char *contype) _builder_init_toggle_button (builder, "remote_random_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_REMOTE_RANDOM)); _builder_init_toggle_button (builder, "tun_ipv6_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_TUN_IPV6)); + _builder_init_toggle_button (builder, "auth_nocache_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_AUTH_NOCACHE)); widget = GTK_WIDGET (gtk_builder_get_object (builder, "cipher_combo")); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER); 
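Review bot: A point of style: `NM_OPENVPN_KEY_AUTH_NOCACHE` is inserted after `NM_OPENVPN_KEY_TUN_IPV6` in `advanced_keys`, which breaks the alphabetical order the visible entries follow (`TLS_VERSION_MAX`, `TUNNEL_MTU`, `TUN_IPV6`, `VERIFY_X509_NAME`). The same placement is used for the new define in shared/nm-service-defines.h, and in shared/utils.h the tag is moved away from its spot next to `NMV_OVPN_TAG_AUTH`. Keeping the entry beside the other `AUTH*` keys would make the lists easier to scan and keep the utils.h change out of the diff. The start of the array is outside the hunk, so I cannot tell whether any lookup depends on the ordering.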
@@ -1959,6 +1961,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog) if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) g_hash_table_insert (hash, NM_OPENVPN_KEY_TUN_IPV6, g_strdup ("yes")); + widget = GTK_WIDGET (gtk_builder_get_object (builder, "auth_nocache_checkbutton")); + if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) + g_hash_table_insert (hash, NM_OPENVPN_KEY_AUTH_NOCACHE, g_strdup ("yes")); + widget = GTK_WIDGET (gtk_builder_get_object (builder, "cipher_combo")); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) { @@ -2132,6 +2138,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog) g_strdup_printf ("%d", ping_val)); } + /* max routes */ widget = GTK_WIDGET (gtk_builder_get_object (builder, "max_routes_checkbutton")); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h index 08337f8d677659f6b139f3bbaebca8a45a57e94e..468a50f5ed8d11a83dfd11715cd3f34375cd2f65 100644 --- a/shared/nm-service-defines.h +++ b/shared/nm-service-defines.h @@ -80,6 +80,7 @@ #define NM_OPENVPN_KEY_TLS_VERSION_MAX "tls-version-max" #define NM_OPENVPN_KEY_TUNNEL_MTU "tunnel-mtu" #define NM_OPENVPN_KEY_TUN_IPV6 "tun-ipv6" +#define NM_OPENVPN_KEY_AUTH_NOCACHE "auth-nocache" #define NM_OPENVPN_KEY_USERNAME "username" #define NM_OPENVPN_KEY_VERIFY_X509_NAME "verify-x509-name" diff --git a/shared/utils.h b/shared/utils.h index f2882cf883c014df289eb7979bc42aa9c2571275..4a2506d826dd99616aff57536d6cbafc6d8bb20e 100644 --- a/shared/utils.h +++ b/shared/utils.h @@ -24,7 +24,6 @@ #define UTILS_H #define NMV_OVPN_TAG_AUTH "auth" -#define NMV_OVPN_TAG_AUTH_NOCACHE "auth-nocache" #define NMV_OVPN_TAG_NCP_DISABLE "ncp-disable" #define NMV_OVPN_TAG_AUTH_USER_PASS "auth-user-pass" #define NMV_OVPN_TAG_CA "ca" 
@@ -82,6 +81,7 @@ #define NMV_OVPN_TAG_TLS_VERSION_MAX "tls-version-max" #define NMV_OVPN_TAG_TOPOLOGY "topology" #define NMV_OVPN_TAG_TUN_IPV6 "tun-ipv6" +#define NMV_OVPN_TAG_AUTH_NOCACHE "auth-nocache" #define NMV_OVPN_TAG_TUN_MTU "tun-mtu" #define NMV_OVPN_TAG_USER "user" #define NMV_OVPN_TAG_VERIFY_X509_NAME "verify-x509-name" diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c index cf0436d6a7a8cd46b2a311740ee6452006c39785..2f6c985a84abb8e6e9c856211df4526255cc9017 100644 --- a/src/nm-openvpn-service.c +++ b/src/nm-openvpn-service.c @@ -181,6 +181,7 @@ static const ValidProperty valid_properties[] = { { NM_OPENVPN_KEY_DEV, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_DEV_TYPE, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_TUN_IPV6, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_AUTH_NOCACHE, G_TYPE_STRING, 0, 0, TRUE }, { NM_OPENVPN_KEY_TLS_CIPHER, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_TLS_CRYPT, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_TLS_REMOTE, G_TYPE_STRING, 0, 0, FALSE }, @@ -1675,7 +1676,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, if (tmp) args_add_strv (args, "--auth", tmp); - args_add_strv (args, "--auth-nocache"); + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH_NOCACHE); + if (nm_streq0 (tmp, "yes")) + args_add_strv (args, "--auth-nocache"); + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA); if (nmovpn_arg_is_set (tmp)) {
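Review bot: The new `valid_properties` entry passes `TRUE` as its fifth field, while every neighbouring string option in the hunk (`DEV`, `DEV_TYPE`, `TUN_IPV6`, `TLS_CIPHER`, `TLS_CRYPT`, `TLS_REMOTE`) passes `FALSE`. The `ValidProperty` definition is outside the hunk, but if that field is the flag that makes the value be validated as an address, the "yes" stored by the importer and the editor would fail validation. The connection would then be rejected before openvpn is started. Unless address validation is intended, the entry should read `{ NM_OPENVPN_KEY_AUTH_NOCACHE, G_TYPE_STRING, 0, 0, FALSE },`.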