OTP Verification – Which approach will lead to better and consistent UX? (Screenshot included)

I'm designing a screen for OTP verification. The design looks similar to this. Taken from here

enter image description here

My questions are,

  1. Should I auto-verify the OTP when the user has entered all the 6 digits or Should I expect the user to press the Validate button? What will be the better and consistent user-experience?

  2. If I auto-verify the OTP once the user is done with entering the 6 digits, Are there any security concerns? (Assuming, I'm limiting the number of validation attempts on the backend.)