For the purposes of this, we’re ignoring SQL Server 7.0 and below.
Out of the box, SQL Server will encrypt some things by default to protect you and your data. Out of the box, SQL Server will encrypt the passwords which are sent up from the client to the SQL Server.
This will keep the password from being sniffed on the network when logging in to the SQL Server instance.
SQL Server does this encryption using a self-signed certificate to ensure that the certificates always there. If you have selected a different certificate for encryption, then SQL Server will use this certificate to encrypt the login data.