In some distributions such as Raspbian, by default a password is not required to use sudo. Obviously this is no good - so I suggest adding a step to ensure that a password is required.

This can be done like so, at least in Raspbian:

sudoedit /etc/sudoers.d/010_pi-nopasswd

Then remove the NO prefix to NOPASSWD, then save & exit.