You’re right, but the problem goes much deeper than that. Essentially every number your computer generates is not actually random, it only pretends to be random by using a complex mixing one-way function.

There are ways to introduce unpredictability to the input of that function though. Common methods include using current time or using mouse and keyboard inputs. But even that’s not the end of the story: some companies use cameras pointed at lava lamps to generate random numbers, others may use quantum probabilistic effects, muon particles entering the atmosphere and many other unpredictable events to generate “real randomness” as an input to those mixing functions – so the result will be “more random”.

However, for individual’s purposes getting the randomness from your inputs, current time and traces of your digital footprint is enough, and your generated passwords are secure and difficult to guess.