Hari i have disabled the flarum login and using social login only.
The problem with doing that is that it will complicate your privacy policy and obligations to your users. The social platforms require that you put a link to each of their privacy policies in your privacy policy which must be visible/accessible at the login field. This isn't the 90's, you've got serious legal obligations there to your users. Plus it provides its own security risks as well since now if someone hacks a 3rd-party service they can access your user's account on your forum. Also we know that many of the US-based platforms in particular cannot be trusted on privacy, just this week Twitter was fined $150M over a serious privacy violation. Last year in my country Facebook intentionally shut down accounts and pages operated by essential emergency services (government and charity) and other non-profits over a dispute with the government in an attempt to strong arm them into capitulating to their demands. Are those really companies you wish to trust with your user's data? I know I wouldn't.
The only problem with password security as it is is that Flarum core doesn't follow very much of the best practise guidelines recommended both by NIST and security professionals. Think of the guidelines as cumulative - the more that you follow the better the security, it's not so much that you must follow every single point, but that each step that you can implement improves security. They already salt and hash the passwords so that's fine, but they can still be hacked if someone breaches the database and the password is weak which is why you need a way to improve the security of the passwords hence Pwned Passwords (breached database check) and then ideally also enforce longer passwords like say 16 characters or even longer to encourage the use of passphrases instead of simple passwords.
I'd also recommend you install the Passwordless extension which allows login via email link. You can use it the way you're using the social logins where passwords are completely disabled, but even with passwords enabled it provides two important benefits. 1. It allows a back-up option for logging in without needing to change your password - and that encourages confidence in setting a stronger password or using a password manager. 2. It provides users an important alternative to changing their password.