Randomness of hash token in password reset link [duplicate]

This question already has an answer here:

• Can anyone provide references for implementing web application self password reset mechanisms properly? 8 answers

I want to know what are the points to be kept in mind while creating a hash token for my password reset links.

In particular, how to make it un-predictable for an attacker?