Could you switch to just using passkeys instead of Google, Apple, or Facebook federated identity? This eliminates the risk of storing passwords, and also doesn't create a dependency on one of the companies mentioned. You'll still need to store username, email, or both, depending on your use case. You can also create a code path that will transition accounts from federated identity to self hosted with passkeys as well.