I'm a believer that everything sent over the line may be listened to and may be spoofed. If you're into security, you have to assume that if something may happen, it will happen. I would also assume that someone might legitimately upgrade their PC hardware, or for that matter, get a new PC altogether. Or perhaps they have multiple PCs- say a laptop and desktop, and have reason to use the software on both machines.
My suggestion, just have the users register an account with your service. Have the client send the MAC address and a hash of the user/pass combination over the internet to your server. Keep a list of known computers the client is connecting with.
Every time you see a new computer, you can verify the user in several ways- my favorite is sending them a text message, but that requires the user tell you their personal phone number and accept a call/text from your server to get a code. Another obvious solution is to use email, or simply a confirmation from one of the known valid PCs. Let the client know what you know about them, and let them add/remove their PCs. Legitimate users want to understand what information you have about them, and they can help you keep a list of accurate information.
That's my two cents. But you said you didn't want anything fancy, so maybe just use a username/password.. Just try to not hurt legitimate users in an attempt to prevent malicious users from being malicious.
Sorry I completely disregarded the question, I'm just firmly against the idea that hardware information is a good way to determine whether clients are legit.