The RPF deliberately made the decision to not assign a password to the root user for security reasons. It is well known that access to the root user provides full access to everything and section of the OS. By not assigning a password to the root user means any attacker or hacker to the system needs to find a valid user name and then attack the password for that user. This makes hacking the PI much harder. The hacker also needs to use a user name that has super user rights, another wall to breach. One can run a number of commands as the super user by use the sudo command to become the root user. Check the manual on the sudo command:
If you assign a password to the root user you should then remove the password, but this is not task for a noob.
f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng.