@FNGarvin
Created November 30, 2024 14:34
IntroToBurp CTF Without BurpSuite

I've been having fun with these puzzles, but I don't appreciate being asked to download paid software from organizations I do not know or trust. Fortunately, this CTF can be easily completed with integrated browser features alone. Here, I'll document my step-by-step process - first in Firefox and then in Chrome.

First, start the instance and open the provided link.

Fill the form with whatever you please and submit it.

Bring up the developer tools by right-clicking anywhere and choosing "Inspect".

Submit anything you like as your one-time password (OTP).

Right-click the newly logged POST request and select "Edit and Resend".

In the body of the payload, remove everything before clicking "Send".

Click the amended POST request and there's your flag.

In Chrome / curl

Chrome also allows something akin to edit and resend, but I find it cumbersome to use and would go a different route. I would, instead, find the POST request the same way we do in Firefox, right-click on it, and choose "Copy as cURL (bash)".

You can paste the sprawling command into a text editor to review and modify it.

To solve this challenge, we need to delete the text in the --data-raw argument and execute the command in a bash shell, for example the PicoCTF Webshell.
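The walkthrough shows the server returning the flag for a POST with an empty body, but not the server's code. As an added example (not the challenge's code, and not from the original gist), here is one hypothetical way an OTP check can fail open on a missing field, next to a version that fails closed; the `otp` field name, the function names and the sample values are assumptions.

```python
import hmac
from urllib.parse import parse_qs

EXPECTED_OTP = "424242"  # constructed value standing in for the server-side OTP


def parse_form(body: bytes) -> dict:
    """Decode a urlencoded POST body, keeping the first value of each field."""
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def verify_fail_open(form: dict, expected: str) -> bool:
    """Hypothetical flawed check: rejects only if 'otp' is present and wrong."""
    if "otp" in form and form["otp"] != expected:
        return False
    return True  # a body without 'otp' never reaches the comparison


def verify_fail_closed(form: dict, expected: str) -> bool:
    """Hardened check: missing or blank field fails, then constant-time compare."""
    submitted = form.get("otp")
    if not submitted or not expected:
        return False
    return hmac.compare_digest(submitted.encode(), expected.encode())


def evaluate(body: bytes) -> tuple:
    """Return (fail_open_result, fail_closed_result) for one request body."""
    form = parse_form(body)
    return (verify_fail_open(form, EXPECTED_OTP),
            verify_fail_closed(form, EXPECTED_OTP))


# Constructed request bodies: wrong OTP, correct OTP, blank field, empty body.
SAMPLES = [b"otp=123456", b"otp=424242", b"otp=", b""]

if __name__ == "__main__":
    for body in SAMPLES:
        opened, closed = evaluate(body)
        print(f"body={body!r} fail_open={opened} fail_closed={closed}")
```

Only the empty body separates the two checks: the flawed version accepts it, the hardened version rejects it.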
