You should run
SHOW GRANTS FOR 'root'@'localhost';
If it shows this line in the results:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION
and not this line:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' WITH GRANT OPTION
that means the root user is automatically authenticated by the unix socket credential. If you don't want this, you can issue a manual GRANT command (don't shoot yourself in the foot doing this) that will override the previous, eg:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'mysecurepassword' WITH GRANT OPTION;
Now mysql will ask a password, but can be used by any user able to access the unix socket (so by default just using
mysql -u root -p without being root but of course knowing the password). You have to ponder which one is more secure.
I don't know why the
mysql_secure_installation doesn't explain about this.