i have a react dapp so i only use connection to wallets as a login is it advisable or should i add more security such as using email password with access token?
Connection to a wallet is ok if you just want to show public information about a wallet address (for example, information that is on the blockchain).
However, if you store private information in your dApp depending on the wallet address, you should not rely on the address returned by a wallet.
You indeed have no way to be sure the wallet is returning an address actually owned by the user. The user can use a chrome extension to make you believe they own address A, while they actually don’t.
If you need to authenticate the owner of an address, you need to use further authentication mechanisms. You can look at ARC-14 discussions on Issues · algorandfoundation/ARCs · GitHub.