There is only one root account on every OS X computer and it is disabled by default. It doesn't have a password and you can't login as root unless you specifically use Directory Utility and enable it. It's dangerous, because when logged in as root the system bypasses all authorization - it doesn't even ask for a password. In that aspect, an OS X computer is indeed rootless, which is A Good Thing™.
Admins accounts are simply standard accounts that also happen to be in the admin group. Any action in OS X performed by a logged-in user is checked against the authorization database (you can see its rules in /System/Library/Security/authorization.plist to see whether no authentication is required or is it enough to be authenticated as the session owner (standard user that is logged in), or must you be a member of the admin group. It gives very fine-grained control. So three possibilities might occur, for example in System Preferences when clicking the locked padlock. Upon clicking, it may simply unlock without authentication, it may offer authentication dialog with account name already put in (which means please confirm it's you) or may offer authentication dialog with account name and password fields blank (which means you are not admin, please call an admin to type his credentials in).
A rule of thumb is that anything that can affect other users on the computer (system-wide change) will require administrative authentication. But it's more complex than that. Standard users, for example, can install apps from the Mac App Store in the /Applications folder (which is a system-wide change) but cannot bypass GateKeeper to run unsigned applications even if only within their own data.
Standard users cannot invoke sudo which has a bad side-effect of not requiring authentication in a 10-15 minutes window after that. A cleverly designed script will ask you for an admin authentication for something you approve of, but after that it will do all sorts of wacky stuff you know nothing about.
Standard users can also be managed via parental controls or configuration profiles and can have password policies enforced. Admin users can do no such thing.
System Integrity Protection addresses the fact that people have been clicking thru installer packages and providing passwords so easily that the users have become the weakest link. SIP just tries to keep the system afloat, nothing else (and sometimes fails in that, too).
You would not believe how many people I've seen that have only one user on the computer (which is also admin account) and even without an account password, just to perceive a slight decrease in annoyance in form of a login window activity.
I can't agree with your opinion that it is a pain to switch to an admin account when necessary. If you are in Terminal, you only need to su myadminacct before doing anything, including sudo or launching Finder as another user by executing /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder.
In GUI, well, Mac App Store updates (including OS X updates) do not require admin authentication. Those installer packages that end up in Downloads folder, including Adobe Flash updates, yes, you should be very careful before opening those doing the extra work and making triple sure they come from the right place and are not full of nasties.
That's why I think using a Mac with a standard account is better and more secure than with an admin, because it protects me from my own mistakes and oversights. Even the majority of knowledgeable users don't inspect every downloaded script line-by-line to see if there is anything fishy going on.
I hope that the controls could get even stricter in the future, for example introducing conditions or schedules when an app (or script or any executable) can be run or have access to the network or that an executable may not even be started if I didn't explicitly allowed it (authentication dialog) within last month or so.
Best Answer
You'll need to get an application specific password from Google.
You should be all set.