Re: Salt free
The third use case, which I've outlined below, is to synchronise biometrics back down to a replacement clock. Re-registering hundreds of employees is a little tedious.
If Kronos offer a fully managed service, it is entirely possible that they are hosting a clock server in addition to any HR solutions they provide (no idea, though).
This really is tinfoil hat territory. I mean, theoretically, IF you captured someone's fingerprint, then somehow turned it into a full fingerprint form that would work with a clock with a proper sensor (which would have to be the clocks only for the employee's work, or at least the same type of clock and sensor if you've hacked the clock server and downloaded all the templates to a clock), then either broke into the clock or the clock server, and determined the employee number. Then broke into the system with the employee's HR data, and then obtained personal information it's oh so very theoretically an issue.
However it would be far *far* easier to
1) Steal their fingerprint by dusting/etc if you want the fingerprint. After all you can't get their finger print from the clock.
2) Break/socially engineer access into the HR system based on more easily obtained employee information.