Your hgrc is identical to mine (other than XX, YY :-). One difference may be that I set up an application specific password: https://support.google.com/accounts/answer/185833?hl=en
Tom
YES! Thanks for the pointer Tom, that got me where I needed to be.
1) If you haven't enabled TFA (Two Factor Authentication) for you account, visit this link and follow the steps:
https://myaccount.google.com/security/signinoptions/two-step-verification/en...
2) With TFA enabled, you can add app-specific passwords, like one for mercurial:
https://security.google.com/settings/security/apppasswords
And using the settings previously mentioned, with an app-specific password, you are all set! The less secure option is enabling a switch in your google account settings called something like "allow less secure apps", but that seems like a horrible idea. That's probably the way much older gmail accounts work if you haven't changed anything else, but being a "security conscious individual" (paranoid), I go for the TFA/app-password approach.
Thanks for the help all!
-- Brian