Im guessing by "more direct", you mean "easier to implement".
The two methods you mentioned are pretty much the options available to you (which option you use depends on whether you want to use the encrypted or unencrypted password string).
Writing an expect script to reset a password is simple, just do a google search and you will have several working examples within minutes.
Using expect to run the "passwd" command protects the integrity of the file as it uses file locking to edit it, and a typo in your script is less likely to corrupt the shadow file.
Also if you are going to be changing passwords via a script keep in mind that it is bad security to leave passwords lying around hardcoded in scripts.