As part of a stringent access control policy, an organization is implementing a new authentication system for their secure server room. The system includes the use of a security badge, a biometric scan, and a mobile push notification approval. However, this system should be compliant with true three-factor authentication using the principle of 'something you have, something you are, and something you know'. In the context of this new system, which additional security measure should be introduced to adhere to the three-factor authentication policy?
Encrypting the security badge data with a unique key for each user
A PIN or password that is memorized by the user
A facial recognition scan as part of the biometric check
An RFID-enabled wristband for proximity authentication