is possible create Server With user policy with no certificates?

[rafaone]

its not clear to me:
I created a simple server with:

and with user identity

but using the UaExpert I got
is possible to user the user token only for authenticate at begin ? or if we use user policy is mandatory the certificate?

[kevinherron]

If you allow user/password authentication then you should configure a certificate for the server, even if only unsecured endpoints will be used, because otherwise the password will be sent in plaintext.