What's the right way to generate a nonce if not using Math.random()?

Right now I am generating a nonce by doing (int) (Math.random() * 10000000) but I get the feeling this is a naive or stupid way to do it.

Should a nonce be like a long string of random characters instead? Should I be using a different randomizer? I have heard of SecureRandom but I don't know if it's as simple as replacing one with the other.