diff --git a/examples/ansible.cfg b/examples/ansible.cfg
index b6845c07033..4ab8cca1726 100644
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@@ -46,8 +46,9 @@ gathering = implicit
 # change this for alternative sudo implementations
 sudo_exe = sudo
 
-# what flags to pass to sudo
-#sudo_flags = -H
+# What flags to pass to sudo
+# WARNING: leaving out the defaults might create unexpected behaviours
+#sudo_flags = -H -k
 
 # SSH timeout
 timeout = 10
diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py
index 466f59702c6..98a111ae339 100644
--- a/lib/ansible/playbook/play_context.py
+++ b/lib/ansible/playbook/play_context.py
@@ -346,9 +346,13 @@ class PlayContext(Base):
                 # sudo prompt set with the -p option.
                 prompt = '[sudo via ansible, key=%s] password: ' % randbits
                 exe = self.become_exe or self.sudo_exe or 'sudo'
-                flags = self.become_flags or self.sudo_flags or ''
-                becomecmd = '%s -k && %s %s -S -p "%s" -u %s %s -c %s' % \
-                    (exe, exe, flags or C.DEFAULT_SUDO_FLAGS, prompt, self.become_user, executable, success_cmd)
+                flags = self.become_flags or self.sudo_flags or C.DEFAULT_SUDO_FLAGS
+
+                # force quick error if password is required but not supplied, should prevent sudo hangs.
+                if not self.become_pass:
+                    flags += " -n "
+
+                becomecmd = '%s %s -S -p "%s" -u %s %s -c %s' % (exe, flags, prompt, self.become_user, executable, success_cmd)
 
             elif self.become_method == 'su':