Well I'm not surprised: you only retrieve records from the database which match you login name and password. So, if you enter a bad password, it will retrieve no records, and will not enter the while loop to check anything.
BTW: don't access your DB like that: you are leaving yourself wide open to an SQL Injection attack. Use parametrized queries instead:
command.CommandText = "SELECT DISTINCT * FROM users WHERE name=@NM AND password=@PW";
command.Parameters.AddWithValue("@NM", data[0]);
command.Parameters.AddWithValue("@PW", data[1]);