Don't keep them online for long term. Blockchain.info is pretty safe but I still wouldn't keep large amounts of coins on there.


He doesn't even need a hardware wallet. Just make several back ups of your wallet.dat file and write the private keys down and keep them offline in a safe and secure place.