It goes without saying perhaps, but I'm not talking about servers or anything, just the root user of your everyday machine. How much do you type when you sudo? I have gone both long and short. Give reasons.
I always remove sudo from my laptops, su works fine inside tmux. Since the laptop screen is locked when I'm away, the tmux session (with root) can stay active for weeks, so not much typing the root pw.
My everyday remote machines all have an ssh-key for root (and a very complex password that I have printed on a paper at home).
I dislike sudo intensely. My first job when installing any distro without a root password is to give root a password, and from then on I use 'su -'
I have a special 'goroot' script which launches an xterm in a white-on-black color-scheme and requires the root password, as distinct from my normal-user xterm script which launches xterm in a black-on-white color-scheme.
If you're using sudo, then the root password is irrelevant; it's the local user's password that elevates permissions.
I see this as both good and bad - users should know their own private credential (rather than the shared "secret" root passwd), but as it's a password they use regularly (potentially multiple times a day), it's easy for people to use something less secure than they otherwise would for "root".
Unrestricted sudo is certainly dangerous. The scripts I have used in the past to test for passwordless sudo call
sudo -n
It's a nice way to see if you can run commands as root with nothing more than getting someone to execute a script. To my surprise it turns out about 10% of an organization will do just that.
To be honest, I was more thinking that if it's your desktop or user password, then it's likely to be easily typeable (people unlock their laptops multiple times a day), compared to an occasionally copy/pasted password from a safe. I didn't even think about passwordless sudo :)
Passwordless sudo + SSH Multiplexing negate the need for any back doors at the end of the day. As a bonus, anti-malware software will never detect or report on using ssh and sudo. Combine those with some obfuscation tools likely already installed on the victim's machine called by a python or shell script and you can walk in the front door of just about any organization on earth.
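The posts above turn on passwordless sudo, which sudo -n can only probe for the account running it. The following is an added example, not code from any poster in this thread: it audits sudoers policy text for rules that skip the password prompt. The function name audit_sudoers, the severity labels and the sample policy are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant privileges without a password.

# Constructed sample policy (not taken from any real host).
SAMPLE_SUDOERS='# sample policy
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /usr/bin/tar
Defaults:deploy !authenticate
#includedir /etc/sudoers.d
'

# audit_sudoers [FILE...]   (reads stdin when no file is given)
# Prints one finding per line: SEVERITY<TAB>REASON<TAB>RULE
audit_sudoers() {
  awk '
    { sub(/\r$/, "") }                                  # tolerate CRLF files
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }        # join continued lines
    {
      line = buf $0; buf = ""
      gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
      # "#" starts a comment or include directive; "#<digits>" is a uid rule.
      if (line == "" || line == "#" || line ~ /^#[^0-9]/) next
      if (line ~ /^Defaults/ && line ~ /!authenticate/) {
        printf "HIGH\tauthentication disabled\t%s\n", line
      } else if (line ~ /NOPASSWD:/) {
        # Look only at what follows the tag to see how broad the grant is.
        cmds = line; sub(/^.*NOPASSWD: */, "", cmds)
        if (cmds ~ /(^|[ ,])ALL([ ,]|$)/) {
          printf "HIGH\tany command without a password\t%s\n", line
        } else {
          printf "MEDIUM\tlisted commands without a password\t%s\n", line
        }
      }
    }
  ' "$@"
}

# Demo run on the constructed sample.
printf '%s' "$SAMPLE_SUDOERS" | audit_sudoers
```

The function does not follow include directives, so on a real host pass the drop-in files explicitly along with the main sudoers file.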
I use pwgen -sync "${1:-42}" -1