I enabled server authentication and made a strong PW for the 'sa' account. (why i enabled SA, beacuse I thought to remotely login from other networks off site, I needed this?, correct me if im wrong!)
You should create a login to use for yourself and not use SA. SA would give you too much permission for what you require.
When I logged in, it let me log in and see my database, even with the WRONG username and password!
When you are logged in try running the following to see if you are logged in with the user you think you are.select suser_sname()
There is a guest database user but not a login for the server
this is an example for creating a log and user. and giving that user read permissions
CREATE LOGIN [<username>] WITH PASSWORD=N'<password>', DEFAULT_DATABASE=[<dbname>];
USE [<dbname>];
CREATE USER [<username>] FOR LOGIN [<username>];
EXEC sp_addrolemember 'db_datareader','[<username>]';