If it is your main device with a REMME certificate you may revoke it with your second factor device or private key (if you choose the most secure option with private key during initial certificate generation). If it is your 2FA device you may add a new device and delete the old one using your main device with the certificate.
Also, as an additional layer of security, we have inbuilt 2FA options. Moreover, you are able to confirm your log-in using a selected second factor tool (Telegram, Google Auth, hard token etc). The device you use for 2FA should generally be your mobile phone. That means that you have access to the network from different devices, each having its own certificate for access, but can always double check by applying 2FA.