This shortcut detects if your password has been cracked without ever sending it off the device. It works by using k- anonymity, hashing the password and then only sending the fist 5 characters of the hash to pwnedpasswords.com. Pwnedpasswords then sends you back a list of all possible matching password hashes back to your device so any matching strings can be detected locally. This way your password is never sent to anyone.

See this Computerphile video for more information: