diff --git a/src/api/customization.rs b/src/api/customization.rs
index acc5bec..2ef6f2a 100644
--- a/src/api/customization.rs
+++ b/src/api/customization.rs
@@ -17,7 +17,31 @@
 //! If you adapt them, make sure to run the tests before flashing the firmware.
 //! Our deploy script enforces the invariants.
+use crate::ctap::data_formats::CredentialProtectionPolicy;
+
 pub trait Customization {
+ // ###########################################################################
+ // Constants for adjusting privacy and protection levels.
+ // ###########################################################################
+
+ /// Changes the default level for the credProtect extension.
+ ///
+ /// You can change this value to one of the following for more privacy:
+ /// - CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList
+ /// - CredentialProtectionPolicy::UserVerificationRequired
+ ///
+ /// UserVerificationOptionalWithCredentialIdList
+ /// Resident credentials are discoverable with
+ /// - an allowList,
+ /// - an excludeList,
+ /// - user verification.
+ ///
+ /// UserVerificationRequired
+ /// Resident credentials are discoverable with user verification only.
+ ///
+ /// This can improve privacy, but can make usage less comfortable.
+ fn default_cred_protect(&self) -> Option;
+
 /// Maximum message size send for CTAP commands.
 ///
 /// The maximum value is 7609, as HID packets can not encode longer messages.
@@ -30,12 +54,20 @@ pub trait Customization {
 #[derive(Clone)]
 pub struct CustomizationImpl {
+ pub default_cred_protect: Option,
 pub max_msg_size: usize,
 }
-pub const DEFAULT_CUSTOMIZATION: CustomizationImpl = CustomizationImpl { max_msg_size: 7609 };
+pub const DEFAULT_CUSTOMIZATION: CustomizationImpl = CustomizationImpl {
+ default_cred_protect: None,
+ max_msg_size: 7609,
+};
 impl Customization for CustomizationImpl {
+ fn default_cred_protect(&self) -> Option {
+ self.default_cred_protect
+ }
+
 fn max_msg_size(&self) -> usize {
 self.max_msg_size
 }
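Review bot: The new `default_cred_protect` doc in the `Customization` trait never says what returning `None` means, yet `None` is exactly what `DEFAULT_CUSTOMIZATION` ships in the second hunk; from the mod.rs hunk in this commit, `None` is treated as `UserVerificationOptional`, the weakest credProtect level, so an implementor reading only this file cannot tell that the shipped default applies no protection floor. I would add a line to the method doc such as `/// Returning None sets no floor: credProtect stays at UserVerificationOptional unless the relying party requests a stricter level.` The prose was carried over from the removed constant and still reads as "You can change this value", which no longer fits a trait method that implementors return; rewording it to "Implementors can return one of the following" would match the new shape. The section banner `// Constants for adjusting privacy and protection levels.` now labels a trait method rather than a constant, so `// Methods for adjusting privacy and protection levels.` would be accurate.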
diff --git a/src/ctap/customization.rs b/src/ctap/customization.rs
index 8b418ae..3bb24a5 100644
--- a/src/ctap/customization.rs
+++ b/src/ctap/customization.rs
@@ -17,30 +17,12 @@
 //! If you adapt them, make sure to run the tests before flashing the firmware.
 //! Our deploy script enforces the invariants.
-use crate::ctap::data_formats::{CredentialProtectionPolicy, EnterpriseAttestationMode};
+use crate::ctap::data_formats::EnterpriseAttestationMode;
 // ###########################################################################
 // Constants for adjusting privacy and protection levels.
 // ###########################################################################
-/// Changes the default level for the credProtect extension.
-///
-/// You can change this value to one of the following for more privacy:
-/// - CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList
-/// - CredentialProtectionPolicy::UserVerificationRequired
-///
-/// UserVerificationOptionalWithCredentialIdList
-/// Resident credentials are discoverable with
-/// - an allowList,
-/// - an excludeList,
-/// - user verification.
-///
-/// UserVerificationRequired
-/// Resident credentials are discoverable with user verification only.
-///
-/// This can improve privacy, but can make usage less comfortable.
-pub const DEFAULT_CRED_PROTECT: Option = None;
 /// Sets the initial minimum PIN length in code points.
 ///
 /// # Invariant
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index f523f46..7fd13e4 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -44,9 +44,9 @@ use self::config_command::process_config;
 use self::credential_management::process_credential_management;
 use self::crypto_wrapper::{aes256_cbc_decrypt, aes256_cbc_encrypt};
 use self::customization::{
- DEFAULT_CRED_PROTECT, ENTERPRISE_ATTESTATION_MODE, ENTERPRISE_RP_ID_LIST,
- MAX_CREDENTIAL_COUNT_IN_LIST, MAX_CRED_BLOB_LENGTH, MAX_LARGE_BLOB_ARRAY_SIZE,
- MAX_RP_IDS_LENGTH, USE_BATCH_ATTESTATION, USE_SIGNATURE_COUNTER,
+ ENTERPRISE_ATTESTATION_MODE, ENTERPRISE_RP_ID_LIST, MAX_CREDENTIAL_COUNT_IN_LIST,
+ MAX_CRED_BLOB_LENGTH, MAX_LARGE_BLOB_ARRAY_SIZE, MAX_RP_IDS_LENGTH, USE_BATCH_ATTESTATION,
+ USE_SIGNATURE_COUNTER,
 };
 use self::data_formats::{
 AuthenticatorTransport, CoseKey, CoseSignature, CredentialProtectionPolicy,
@@ -763,11 +763,12 @@ impl CtapState {
 env.user_presence().check(channel)?;
 self.client_pin.clear_token_flags();
+ let default_cred_protect = env.customization().default_cred_protect();
 let mut cred_protect_policy = extensions.cred_protect;
 if cred_protect_policy.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
- < default_cred_protect.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
+ < default_cred_protect.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
 {
- cred_protect_policy = DEFAULT_CRED_PROTECT;
+ cred_protect_policy = default_cred_protect;
 }
 let min_pin_length = extensions.min_pin_length
 && storage::min_pin_length_rp_ids(env)?.contains(&rp_id);
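Review bot: The `<` comparison in the second hunk now pits the relying party's requested credProtect level against a value that comes from the runtime environment rather than a compile-time constant, and the block still says nothing about why a lower request is overridden or what the ordering means; the behaviour is security-relevant (it is the floor on credential discoverability), so it deserves a why-comment at the new `let default_cred_protect` line, e.g. `// Never mint a credential weaker than the configured default: a lower RP request is raised to the default, not rejected. Relies on CredentialProtectionPolicy being ordered from least to most protective.` The ordering assumption is not visible in this file and is presumably a derived `PartialOrd` on the enum in data_formats; it should be confirmed and stated, since a future variant added out of order would silently weaken the floor. Note that when the RP sends no credProtect extension at all and the default is `Some(..)`, the credential receives the default policy, which is the intended reading but is not obvious from the `unwrap_or` pair. The enclosing function begins and ends outside the hunk.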