Is there any way to lock a user after x unsuccessful attempts of OTP in login page.
Maybe have a look at built-in Brute Force Detection