Actually, SQL server will search for <owner>.<object> where <owner> is the current user. If it doesn't find an object matching, it drops back to dbo.<object>. Unless, of course, it's a stored procedure that begins with sp_ in which case it searches for it as master.dbo.<sp_ name> first. Prior to Yukon schema and user aren't separated hence the issues.

Logins are what grant access to SQL Server. Logins are mapped into databases as user. Within every database there are the potential for two special user accounts: dbo and guest.

Guest can be turned off on user databases and is only required on master and tempdb (thought it's on for msdb by default as well). The guest account is what a login uses if no explicit permissions have been granted into the database for said login. Northwind and pubs are two examples where this is true.

The dbo user = the database owner. Whoever owns the database is automatically mapped in as dbo. In addition, members of the sysadmin fixed server role map in as dbo unless they are explicitly mapped in with a user account. The dbo user bypasses all security checks.