The -- characters you entered caused the database to ignore the rest of the SQL statement, allowing you to be authenticated without having to supply the real password.