Whatever you do, steer them away from Ledgers. As much as Ledger swears their hardware is secure, their firmware does leave a way of extracting keys,and they’ve said straight up that they’ll cooperate with authorities to divulge user info. Not to mention the data breach they had 3 years ago that included thousands of user emails and contact info.

Make sure newbies know not to buy signing devices from resellers. Whatever they get should come tamper sealed and verifiably legit from the manufacturer.