Free trial

Stop chasing passwordless — start preparing for what’s next

Authentication
Murtaza Hafizji,
passwordless authentication gartner identity hype cycle

Digital identity is more than a login box. It’s the control plane for access, security, and trust.

Passwordless authentication, passkeys, and phishing-resistant multi-factor authentication (MFA) are no longer just emerging ideas. Adoption is accelerating, their value is well established, and the conversation has shifted from if they work to how to make them scale effectively.

That’s why we want to draw your attention to the July 2025 Gartner® Hype Cycle™ for Digital Identity.

Why it matters now

The threats we face, like credential harvesting, sophisticated phishing, and SIM swap attacks, are advancing faster than most IAM strategies.

Phishing-resistant MFA is now a must-have for customer-facing logins and workforce authentication.

Passkeys are making secure access simpler for consumers and employees, but adoption still requires integration planning and ecosystem readiness.

Emerging standards such as continuous authorization (AuthZEN) and decentralized identity — including the OpenID for Verifiable Credentials (OID4VC) standard — promise more privacy, portability, and user control while helping organizations reduce risk.

The conversation is moving beyond “remove passwords” toward “rethink trust end-to-end.”

My take

From my experience in identity and authentication, the goalpost never stays still. Passwordless is vital, but it is the foundation, not the finish line. IAM leaders should prepare for what’s next, not just what’s now. That means:

  1. 1. Embracing standards that work across platforms, ecosystems, and vendors to avoid lock-in.
  2. 2. Designing for portability and privacy with approaches like OID4VC, which give users secure, reusable identities they control.
  3. 3. Starting the conversation on post quantum security, which includes post quantum authentication, because even phishing-resistant MFA will need to evolve.
  4. 4. Building for human-centric security so the technology fits the way people actually work.

In other words, passwordless is an important step, but the real goal is a future where identity is everywhere, invisible, and trustworthy by design.

Gartner Hype Cycle for Digital Identity, 2025
Analyst report

Want the full picture?

Explore the Gartner Hype Cycle for Digital Identity, 2025 and see where your roadmap stands.

Read now

What IAM leaders should do next

We believe the Gartner Hype Cycle is more than a status check. It is a guide for where to focus and how to pace innovation.

  • Map your roadmap against the Gartner Hype Cycle™ for Digital Identity, 2025. Know where you are, and where you need to leap.
  • Experiment now with what’s next. Test decentralized credentials, continuous authorization, or other early-stage technologies before they become urgent.
  • Accelerate executive buy-in. Make it clear that the authentication strategy of 2025 will not be enough by 2027.
  • Build for the post-passwordless era. The real advantage will go to those already preparing for what comes after passwordless.

OneSpan is proud to be recognized as a Sample Vendor in the 2025 Gartner® Hype Cycle™ for Digital Identity. In our view, this recognition reflects our role in helping organizations adopt phishing-resistant MFA, passkeys, and passwordless authentication today — while preparing for the identity innovations of tomorrow.

Passwordless remains essential, but the real competitive advantage will belong to organizations already preparing for the post-passwordless era.

Gartner, Hype Cycle for Digital Identity, Nayara Sangiorgio, Nathan Harris, 14 July 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from OneSpan.

Murtaza Hafizji
Murtaza Hafizji

Murtaza Hafizji is the U.S.-based Technical Product Marketing Manager for OneSpan’s Security Business Unit, focused on FIDO, identity, and authentication. With over 15 years in cybersecurity and deep expertise in the identity space, he brings a clear, technical perspective to solving real-world challenges in secure access and digital trust.

Contents
Sign up for OneSpan updates.
Share