Please see the attached video , your 2FA implementation is flawed . We can reuse an OTP multiple times , also  your window of acceptance is too large .

More over you should mask the OTP entry ( or perhaps give an option to see it momentarily to the user )

Please fix these issue , all your customers are impacted , this impacts all your applications and entire platform . If this information is released on social blogs Zoho will loose it's name and business.

Regards,

Soumen