MFA & Radomness

Anecdotally I kept seeing certain numbers and patterns showing up in a 2 digit MFA that I regularly use, notably double or adjacent numbers, so I started plotting them out, while I only have 80 data points from the last couple months. I believe it's slowly confirming my theory, could still be coincidence is at play with the low amount of data compared to the 90 possible outcomes, but if not I'm curious to as why they aren't a fair random.

Reading the below plot so far, the couple with the highest occurrences are 67 and 15 with 4 each. For doubles there are 3 appearances of 33 and 2 for each of 44, 55, 66, 99. Adjacent numbers we have the 67, and 3 appearances of 54, and 2 of 21 and 87.

I suppose the actual number isn't actually what is important to security, just that it's another layer of security, so even if the numbers are weighted to more friendly and easy to enter, bad actors will still need the user's device or convince the user to tell them the number. Just as long as you can't predict the next number with certainty when the current expires, it doesn't really matter how random the number is, just random enough that the next can't be predicted.

Note: I also believe this is true of a 6 digit I use regularly as (again anecdotally) I've picked up what I believe are patterns, unpredictable but still user friendly. I figured I track the 2 digit as it's easier to keep track of. Not all MFA would use the same number generation so some might be a more 'true' random while others like the one I'm plotting may be weighted.