I am not sure how passwords are relevant to the pointless chaining of two distinct commands, rather than invoking a straightforward "sudo -s".
People writing "sudo su" are simply imitating a common StackExchange idiom without knowing why.
"su" requires passwords unless invoked by root. "sudo" may be configured to permit/deny specific commands. So if you write that, then you're saying 'become root via the sudoers(5) config and then fork, exec, become root again via the setuid binary "su", in order to run an interactive shell.'
It's a poor habit to be promoting, because it assumes things about the configuration and suggests that "su" is equal to other particular "sudo" maintenance commands, when the point is simply to drop into a root shell, which is a facility provided directly by "sudo", if you'd only read the manual page and learn its options.
Nothing will stop you from invoking "sudo -s" without a password, without another fork/exec, without another suid utility carrying a significantly different authentication model.
