To add to prabhaamaji's comments, you really shouldn't do it that way anyway.
There are two problems there: one with the SQL syntax, and one called SQL Injection.
While the syntax will work, it depends on the order in which the columns in your database are defined. If someone modifis it and adds a column before the username, then your code fails , becasue it expects the username first. Always name the columns, in the order you are goint to fill them:
INSERT INTO login (userName, password) VALUES (...)
That way your code is better protected against future changes.
SQL Injection happens when you allow the user direct access to you sql command, and can be exploited to steal, damage or destroy your database. Do not concatenate strings to build a SQL command - use Parametrized queries instead;
cmd = new SqlCommand("INSERT INTO login (userName, password) VALUES (@UN, @PW)", con);
cmd.Parameters.AddWithValue("@UN", TextBox1.Text);
cmd.Parameters.AddWithValue("@PW", TextBox2.Text);
There are two others I would like to add in passing, that it is worth your considering - probably later when yoiu have a bit more experience:
1) Do not use the VS default names for controls: You may remember today that TextBox1 has the username, but will you remember next week? Call it tbUserName or similar, and it becomes more obvious.
2) Do not store passwords in clear text! There is a Tip here explaining why not:
Password Storage: How to do it.[
^]