$\text{Random}$ $\text{Number}$ $\text{Generators}$ ($\text{RNGs}$) are fundamental to computing, used for everything from statistical modeling to cryptographic security. The biggest mistake is confusing statistically random ($\text{sufficient}$ $\text{for}$ $\text{games}$) with cryptographically secure random ($\text{mandatory}$ $\text{for}$ $\text{security}$).
Using a $\text{Pseudo}$-$\text{Random}$ $\text{Number}$ $\text{Generator}$ ($\text{PRNG}$) for security-critical tasks (e.g., generating user $\text{passwords}$ $\text{or}$ $\text{encryption}$ $\text{keys}$). $\text{PRNGs}$ $\text{are}$ $\text{predictable}$.
Mandatory: For security tasks, use a $\text{Cryptographically}$ $\text{Secure}$ $\text{PRNG}$ ($\text{CSPRNG}$). $\text{CSPRNGs}$ $\text{rely}$ $\text{on}$ $\text{high}$-$\text{entropy}$ $\text{system}$ $\text{sources}$ ($\text{hardware}$ $\text{noise}$) to ensure the output is practically unpredictable.
Generating a random number where the maximum and minimum values are not correctly defined, leading to unexpected outliers or numbers outside the required range.
Clearly define the inclusive ($\text{min}$ $\text{and}$ $\text{max}$ $\text{are}$ $\text{included}$) or exclusive ($\text{max}$ $\text{is}$ $\text{excluded}$) boundaries of the number generation.
Manually defining the seed value (the starting point for the sequence) as a simple number (e.g., $1$). This makes the entire sequence predictable.
Best Practice: Use the system's current $\text{time}$ ($\text{milliseconds}$), $\text{hardware}$ $\text{noise}$, or a true hardware $\text{RNG}$ source as the seed for maximum unpredictability.
Using a generator that favors certain numbers in the range, skewing the statistical analysis.
Verify the tool uses an algorithm (like the $\text{Mersenne}$ $\text{Twister}$ for $\text{PRNG}$) that ensures a uniform distribution across the entire range.